awstats -- remote command execution vulnerability

Description:

An iDEFENSE Security Advisory reports:

Remote exploitation of an input validation vulnerability in AWStats allows attackers to execute arbitrary commands under the privileges of the web server.

The problem specifically exists when the application is running as a CGI script on a web server. The "configdir" parameter contains unfiltered user-supplied data that is utilized in a call to the Perl routine open()...

Successful exploitation allows remote attackers to execute arbitrary commands under the privileges of the web server. This can lead to further compromise as it provides remote attackers with local access.

References:

BugTraq ID 12270
CVE name CVE-2005-0116
CERT vulnerability note 272296
List post: <http://marc.theaimsgroup.com/?l=full-disclosure&m=110600949323439>(search)
URL: <http://awstats.sourceforge.net/docs/awstats_changelog.txt>
URL: <http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false>

Affects:

awstats <6.3

portaudit: awstats -- remote command execution vulnerability

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Officer. Refer to "FreeBSD Security Information" for more information.

Oliver Eikemeier <eik@FreeBSD.org>