This problem has been assigned CAN-2005-0116:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0116
Reference: IDEFENSE:20050117 AWStats Remote Command Execution Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false
Reference: CONFIRM:http://awstats.sourceforge.net/docs/awstats_changelog.txt
AWStats 6.1, and other versions before 6.3, allows remote attackers to
execute arbitrary commands via shell metacharacters in the configdir
parameter.
Please
. update the package in sid
. mention the CVE id from the subject in the changelog
. use priority=high
. no need to upload into sarge directly, except if the version in
sid is not meant to go into testing
Regards,
Joey
--
Ten years and still binary compatible. -- XFree86
Please always Cc to me when replying to me on the lists.