USN-285-1: awstats vulnerability

23 May 2006

awstats vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.10
  • Ubuntu 5.04

Software Description


AWStats did not properly sanitize the ‘migrate’ CGI parameter. If the update of the stats via web front-end is allowed, a remote attacker could execute arbitrary commands on the server with the privileges of the AWStats server.

This does not affect AWStats installations which only build static pages.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
Ubuntu 5.04

To update your system, please follow these instructions: