Comment 3 for bug 12019

In , Martin Schulze (joey-infodrom) wrote : CAN-2005-0116: Arbitrary command execution

This problem has been assigned CAN-2005-0116:

URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0116

Reference: IDEFENSE:20050117 AWStats Remote Command Execution Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false
Reference: CONFIRM:http://awstats.sourceforge.net/docs/awstats_changelog.txt

AWStats 6.1, and other versions before 6.3, allows remote attackers to
execute arbitrary commands via shell metacharacters in the configdir
parameter.

Please
 . update the package in sid
 . mention the CVE id from the subject in the changelog
 . use priority=high
 . no need to upload into sarge directly, except if the version in
   sid is not meant to go into testing

Regards,

 Joey

--
Ten years and still binary compatible. -- XFree86

Please always Cc to me when replying to me on the lists.
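
The following is an added example, not part of the original message or of AWStats: a log check for requests to awstats.pl whose decoded configdir value contains anything outside a plain path allow-list. The script path, the combined log format, the allow-list and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Assumed allow-list for a directory path: letters, digits and / . _ -
SAFE_CONFIGDIR = re.compile(r"[A-Za-z0-9/._-]*")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample entries (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Jan/2005:10:00:00 +0000] "GET /cgi-bin/awstats.pl?config=example.org HTTP/1.1" 200 5120',
    '192.0.2.11 - - [17/Jan/2005:10:00:05 +0000] "GET /cgi-bin/awstats.pl?config=example.org&configdir=/etc/awstats HTTP/1.1" 200 5120',
    '192.0.2.12 - - [17/Jan/2005:10:00:09 +0000] "GET /cgi-bin/awstats.pl?configdir=%7Cx%7C HTTP/1.1" 200 312',
    '192.0.2.13 - - [17/Jan/2005:10:00:12 +0000] "GET /cgi-bin/awstats.pl?configdir=/etc/awstats%3Bx HTTP/1.0" 200 312',
]


def suspicious_configdir(line):
    """Return decoded configdir values in one log line that fail the allow-list."""
    match = REQUEST.search(line)
    if not match:
        return []
    parts = urlsplit(match.group(1))
    if not parts.path.endswith("awstats.pl"):
        return []
    flagged = []
    # Split on '&' by hand so an encoded metacharacter stays inside its value.
    for pair in parts.query.split("&"):
        name, _, value = pair.partition("=")
        if unquote_plus(name) != "configdir":
            continue
        decoded = unquote_plus(value)
        if not SAFE_CONFIGDIR.fullmatch(decoded):
            flagged.append(decoded)
    return flagged


def scan(lines):
    """Return (line number, flagged values) for every line with a hit."""
    hits = []
    for number, line in enumerate(lines, start=1):
        values = suspicious_configdir(line)
        if values:
            hits.append((number, values))
    return hits


if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG):
        print(f"line {number}: configdir={values!r}")
```

Parameters sent in a POST body do not appear in the access log, so this check only covers values passed in the query string.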