Info

Disclosure

Jan 01, 2005

Discovery

Unknown

Dates

Exploit

Jan 26, 2005

Solution

Unknown

Description

AWStats contains a flaw that may allow a malicious user to issue arbitray commands under the web server privileges. The issue is triggered when using the pipe character (|) and shell metacaracters in the 'configdir' variable of the awstats.pl script. Such input is not santitized before being passed to the perl 'open()' command to be executed.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public, Exploit Commercial
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 6.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Laurent Destailleur

AWStats

6.1

References

Bugtraq ID: 12298
Metasploit ID: 13002
Secunia Advisory ID: 13893 14007
CVE ID: 2005-0116 (see also: NVD)
CERT VU: 272296
Milw0rm: 772 773
Exploit Database: 772 773
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-01/0288.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0258.html
Vendor URL: http://awstats.sourceforge.net/
Vendor Specific News/Changelog Entry: http://awstats.sourceforge.net/docs/awstats_changelog.txt
Other Advisory URL: http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf
http://security.gentoo.org/glsa/glsa-200501-36.xml
http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities
http://www.redteam-pentesting.de/advisories/rt-sa-2005-006.txt
Generic Exploit URL: http://www.saintcorporation.com/cgi-bin/exploit_info/awstats_configdir

Credit

iDefense - iDefense

Direct URL: http://osvdb.org/13002