Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?

From: Thom Craver (tcraver_at_corp-com.com)
Date: 02/16/05

  • Next message: Thor (Hammer of God): "Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs."
    Date: Wed, 16 Feb 2005 09:47:07 -0500
    To: bugtraq@securityfocus.com
    
    

    Jamie Pratt wrote:

    > Still no dice on 6.3, even with the "config=www.site.org" etc,etc..
    > same error. So.. Can we all agree that 6.3 is not vulnerable, because
    > I'd rather not upgrade to a dev/unstable release for no reason...

    I can confirm the bug on 6.3 running Apache 2.0.52.

    Furthermore, ANY system command inserted in the system() call can be
    executed. This is a very serious bug. Unpriviledged user or not, with
    an .rhosts file on a potential attacker's end, scp would work just
    nicely, then a chmod, then execution of any script they wanted to upload.

    This issue is not to be taken lightly.

    Until this issue is resolved, we have commented out the Plugin lines:
    # AWStats output is replaced by a plugin output
    if ($PluginMode) {
           my $function="BuildFullHTMLOutput_$PluginMode()";
           eval("$function");
           if ($? || $@) { error("$@"); }
           &html_end(0);
           exit 0;
    }

    If a plugin is called, it is apparently ignored and the stats are displayed.

    -- 
    Thom Craver
    Corporate Communications, Inc.
    www.corp-com.com
    585.262.3430 
    

  • Next message: Thor (Hammer of God): "Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs."

    Relevant Pages

    • ANN: UliPad 3.6 released!
      ... Mixin and Plugin technique as its architecture. ... Add range support for live regular expression search support ... Fix the bug of clicking on Cancel button on Python Parameter Input ...
      (comp.lang.python)
    • [opensuse] Re: ANNOUNCE: Apache SpamAssassin 3.2.0 available
      ... bug 5305: implement 'msa_networks', for ISPs to specify their Mail ... using sender-authorization systems like SPF, Domain Keys, and DKIM ... Spamc / spamd: ... to control the relative ordering of plugin callbacks relative to other ...
      (SuSE)
    • Re: Effective strategy for using VSS in a development team?
      ... Proper changeset support ... Control Integration in VS.NET 2003, but the new round of integration points ... integrated into VS. (It's an Explorer plugin.) ... but their bug tracking tool could be quite a bit better). ...
      (microsoft.public.dotnet.languages.csharp)
    • Re: Java-1.6.0-openjdk-plugin problem - (x86-64)
      ... plugin since the release of Fedora 10 Alpha x86_64. ... > You should file a bug, either at the Red Hat bug repository or at ... I've about had my fill of going backwards to resolve issues, especially with something that's been an ongoing issue for quite a while. ...
      (Fedora)
    • Re: Maven using ANT plugin for SCP task : Embedded error: Could not create task or type of type: scp
      ... My requirement is automating the build process which contains execution ... I am getting pear help in ANT, ... Similarly I plan to use ANT task scp via ANTRUN plugin for Maven. ... I have downloaded the jar "jsch-0.1.24.jar" via dependencies. ...
      (comp.lang.java.programmer)