Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
From: Thom Craver (tcraver_at_corp-com.com)
Date: 02/16/05
- Previous message: Conectiva Updates: "[CLA-2005:925] Conectiva Security Announcement - evolution"
- In reply to: Jamie Pratt: "Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?"
- Next in thread: Micah Brandon: "Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 16 Feb 2005 09:47:07 -0500 To: bugtraq@securityfocus.com
Jamie Pratt wrote:
> Still no dice on 6.3, even with the "config=www.site.org" etc,etc..
> same error. So.. Can we all agree that 6.3 is not vulnerable, because
> I'd rather not upgrade to a dev/unstable release for no reason...
I can confirm the bug on 6.3 running Apache 2.0.52.
Furthermore, ANY system command inserted in the system() call can be
executed. This is a very serious bug. Unpriviledged user or not, with
an .rhosts file on a potential attacker's end, scp would work just
nicely, then a chmod, then execution of any script they wanted to upload.
This issue is not to be taken lightly.
Until this issue is resolved, we have commented out the Plugin lines:
# AWStats output is replaced by a plugin output
if ($PluginMode) {
my $function="BuildFullHTMLOutput_$PluginMode()";
eval("$function");
if ($? || $@) { error("$@"); }
&html_end(0);
exit 0;
}
If a plugin is called, it is apparently ignored and the stats are displayed.
-- Thom Craver Corporate Communications, Inc. www.corp-com.com 585.262.3430
- Previous message: Conectiva Updates: "[CLA-2005:925] Conectiva Security Announcement - evolution"
- In reply to: Jamie Pratt: "Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?"
- Next in thread: Micah Brandon: "Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
