Press CTRL-D to bookmark us
Welcome Guest Login / Register / Members
Search in  
Top Submit newsSubscribe
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
 

 Sponsored links

Want to become one of our authors and see your work published on ALLSeek.iNFO ?
 
 AWStats Input Validation Flaws Let Users Execute Arbitrary Commands
Categorie: Vulnerability
Posted: 2005-01-18 by ReCall
Views: 342
Source: Click here
 		Current Rating: Not rated
Poor Best
 Details
Description: Two security vulnerabilities were reported in AWStats. A local or remote user can execute commands on the target system.

The vendor reported that the 'awstats.pl' script does not properly validate user-supplied input in system environment variables and other inputs. A local user can supply specially crafted input to execute arbitrary Perl code with the privileges of the web service. From code review, it appears that a remote user can supply a specially crafted plug-in name to execute arbitrary commands [however, the vendor did not confirm this.]

iDEFENSE is credited with reporting one of the two security flaws.

Impact: A local user can execute Perl commands on the target system with the privileges of the web service.

A remote user may be able to execute arbitrary commands.

Solution: The vendor has issued a fixed version (6.3), available at:

http://awstats.sourceforge.net/#DOWNLOAD
 
Syndication
Permalink Email this

The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=1297

User comments (post your comments here)

Only registerd members can post comments and articles
 
Previous articleBack to news listNext article
 


InterJOB.su
Bookmark us | Set As Homepage | Advertising | Contact Us | Recomend us | Link us | Links | Terms

SpyLOG Page Rank Checker
LAST QUERIES