AWStats Logfile Parameter Remote Command Execution Vulnerability
BID:12572
Info
AWStats Logfile Parameter Remote Command Execution Vulnerability
| Bugtraq ID: | 12572 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 16 2005 12:00AM |
| Updated: | May 04 2006 10:55PM |
| Credit: | Discovery is credited to <[email protected]>. |
| Vulnerable: | AWStats 6.1, AWStats 6.0, AWStats 5.9, AWStats 5.8, AWStats 5.7, AWStats 5.6, AWStats 5.5, AWStats 5.4, AWStats 6.5 -1 |
| Not Vulnerable: | |
Discussion
AWStats is reported prone to a remote arbitrary command-execution vulnerability. This issue occurs because the application fails to properly sanitize user-supplied data.
Specifically, the user-specified 'logfile' URI parameter is supplied to the Perl 'open()' routine. This issue is considered distinct from BID 10950 (AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability).
AWStats versions 5.4 to 6.1 are reported vulnerable to this issue.
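The root cause described above is the two-argument form of Perl's open(), which treats a value beginning or ending with '|' as a command to run rather than a file to read. The following is an added illustration, not AWStats' own code: it places the unsafe pattern beside a hardened version that validates the 'logfile' parameter against an allowlist and uses three-argument open(). The log directory path is an assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Directory from which log files may be read (assumed value for this example).
my $LOG_DIR = '/var/log/httpd';

# Unsafe pattern: two-argument open() interprets a leading or trailing '|'
# as a pipe to a command, and a leading '<', '>' or '>>' as an open mode.
# Shown for comparison only; never called below.
sub open_logfile_unsafe {
    my ($param) = @_;
    open(my $fh, $param) or return;   # "|cmd|" would run cmd
    return $fh;
}

# Validate the untrusted parameter: a bare file name that starts with an
# alphanumeric character and contains only safe characters. This rejects
# pipes, slashes, spaces, '..' and dotfiles. Returns the pinned path or undef.
sub logfile_path_from_param {
    my ($param) = @_;
    return unless defined $param
        && $param =~ /\A([A-Za-z0-9][A-Za-z0-9._-]*)\z/;
    my $name = $1;   # untainted copy of the validated value
    return File::Spec->catfile($LOG_DIR, $name);
}

# Hardened open: three-argument form with an explicit read-only mode, so
# the value can never be interpreted as a mode or a command.
sub open_logfile_safe {
    my ($param) = @_;
    my $path = logfile_path_from_param($param) or return;
    open(my $fh, '<', $path) or return;
    return $fh;
}

# Constructed inputs mirroring the shape of the advisory's parameter.
for my $input ('access_log', '|/bin/ls|', '../../etc/passwd', '..') {
    my $path = logfile_path_from_param($input);
    printf "%-18s => %s\n", $input, defined $path ? "accepted ($path)" : 'rejected';
}
```

Only the first input is accepted; the others are refused before open() is ever reached.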
Exploit / POC
An exploit is not required.
The following proof of concept supplied by <[email protected]> is available:
http://www.example.com/cgi-bin/awstats.pl?update=1&logfile=|/bin/ls|
Solution / Fix
Solution:
Reportedly, AWStats versions subsequent to 6.1 are not affected by this vulnerability. This is not confirmed at the moment. Please contact the vendor for more information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
References:
- AWStats Homepage (AWStats)
- AWStats Vulnerability Analysis ([email protected])
- AWStats: Malicious config file shell code injection (Hendrik Weimer)