FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

awstats -- arbitrary code execution vulnerability

Affected packages
awstats < 6.4_1

Details

VuXML ID e86fbb5f-0d04-11da-bc08-0001020eed82
Discovery 2005-08-09
Entry 2005-08-14
Modified 2005-08-23

An iDEFENSE Security Advisory reports:

Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands.

The problem specifically exists because of insufficient input filtering before passing user-supplied data to an eval() function. As part of the statistics reporting function, AWStats displays information about the most common referrer values that caused users to visit the website. The referrer data is used without proper sanitation in an eval() statement, resulting in the execution of arbitrary Perl code.

Successful exploitation results in the execution of arbitrary commands with the permissions of the web service. Exploitation will not occur until the stats page has been regenerated with the tainted referrer values from the HTTP access log. Note that AWStats is only vulnerable in situations where at least one URLPlugin is enabled.
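The following Perl script is an added illustration of the bug class the advisory describes; it is not AWStats code and not part of the iDEFENSE advisory. It shows why interpolating a value taken from an access log (here, a referrer) into a string eval() lets whoever wrote that log line run code in the reporting script, and contrasts it with two defensive patterns: never compiling the value at all, and validating it against a conservative URL alphabet before use. The sample referrers, the `$injected` flag and the function names are constructed for this example.

```perl
#!/usr/bin/perl
# Added example, not AWStats code: string eval() on log data versus safe handling.
use strict;
use warnings;

# Constructed sample referrer values, as they might appear in an HTTP access log.
my @referrers = (
    'http://www.example.com/index.html',
    'http://www.example.com/page?id=42&lang=en',
    # Constructed hostile value: closes the quoted string and appends a statement.
    'http://host.invalid/"; $injected = 1; print "',
);

# Set only if text from the log ends up being compiled and executed.
our $injected = 0;

# VULNERABLE pattern: the referrer becomes part of Perl source text.
# eval STRING compiles and runs that text, so a value containing a quote
# and a semicolon is no longer data but code.
sub report_vulnerable {
    my ($ref) = @_;
    eval "print \"Referrer: $ref\\n\";";
    warn "eval error: $@" if $@;
}

# HARDENED pattern 1: treat the referrer strictly as data.
# Ordinary string interpolation prints the value; it never compiles it.
sub report_safe {
    my ($ref) = @_;
    print "Referrer: $ref\n";
}

# HARDENED pattern 2: validate before use. The accepted alphabet is
# deliberately narrower than RFC 3986 allows (no quotes, spaces, '$', ';'),
# which is acceptable for a statistics report. Returns true if the value
# looks like a plain http(s) URL, false otherwise.
sub is_valid_referrer {
    my ($ref) = @_;
    return $ref =~ m{^https?://[A-Za-z0-9.\-]+(?::\d+)?(?:/[A-Za-z0-9._~%:/?=&+#\-]*)?\z} ? 1 : 0;
}

# Safe path: validate, then use the value only as data.
for my $ref (@referrers) {
    if (is_valid_referrer($ref)) {
        report_safe($ref);
    }
    else {
        # A rejected referrer is worth logging: it is malformed at best,
        # an injection attempt at worst.
        print "REJECTED suspicious referrer: $ref\n";
    }
}
print "injected flag after safe path: $injected\n";   # remains 0

# Vulnerable path on the same hostile value: the log line runs as code.
report_vulnerable( $referrers[2] );
print "injected flag after vulnerable path: $injected\n";   # becomes 1
```

Two points worth noting. The hostile value is rejected by `is_valid_referrer`, but even if it reached `report_safe` it would only be printed, because nothing in that path compiles it; the validator is defence in depth, not the fix. Running the script under Perl's taint mode (`perl -T`) causes the string eval on log-derived data to die with an "Insecure dependency" error instead of executing it, which is a cheap way to catch this pattern in existing scripts.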

References

CVE Name CVE-2005-1527
Message 20050811155502.61E3C7A00B4@mail.idefense.com
URL http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities