USN-285-1: awstats vulnerability

23 May 2006

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.10
  • Ubuntu 5.04

Software Description

Details

AWStats did not properly sanitize the ‘migrate’ CGI parameter. If the update of the stats via web front-end is allowed, a remote attacker could execute arbitrary commands on the server with the privileges of the AWStats server.

This does not affect AWStats installations which only build static pages.
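
To check whether a host meets the condition described above, the following added example (not part of the original notice or of AWStats itself) inspects AWStats configuration files for browser-triggered updates and counts web requests that carry the 'migrate' parameter. It assumes that `AllowToUpdateStatsFromBrowser` is the directive that enables updates via the web front-end and that an unset directive means disabled; the function names, file names and log lines are constructed for illustration.

```shell
#!/bin/sh
# Assumption: AllowToUpdateStatsFromBrowser is the AWStats directive behind
# "update of the stats via web front-end"; unset is treated as disabled.

# Exit 0 when config file $1 enables browser-triggered updates.
# Comment lines are skipped; the last assignment is taken as effective.
web_update_enabled() {
    val=$(sed -n 's/^[[:space:]]*AllowToUpdateStatsFromBrowser[[:space:]]*=[[:space:]]*"\{0,1\}\([0-9]\{1,\}\).*/\1/p' "$1" | tail -n 1)
    [ "${val:-0}" = "1" ]
}

# Print the number of requests in access log $1 that reach awstats.pl
# with a 'migrate' query parameter.
count_migrate_requests() {
    grep -Eic 'awstats\.pl\?([^ "]*&)?migrate=' "$1" || true
}

# Constructed sample inputs (not taken from any real system).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

cat > "$demo_dir/awstats.dynamic.conf" <<'EOF'
LogFile="/var/log/apache2/access.log"
#AllowToUpdateStatsFromBrowser=0
AllowToUpdateStatsFromBrowser = 1
EOF

cat > "$demo_dir/awstats.static.conf" <<'EOF'
LogFile="/var/log/apache2/access.log"
AllowToUpdateStatsFromBrowser=0
EOF

cat > "$demo_dir/access.log" <<'EOF'
192.0.2.10 - - [23/May/2006:10:00:01 +0000] "GET /cgi-bin/awstats.pl?config=example HTTP/1.0" 200 5120
192.0.2.44 - - [23/May/2006:10:02:17 +0000] "GET /cgi-bin/awstats.pl?config=example&migrate=PLACEHOLDER HTTP/1.0" 200 312
192.0.2.44 - - [23/May/2006:10:02:20 +0000] "GET /index.html HTTP/1.0" 200 1024
EOF

for conf in "$demo_dir"/awstats.*.conf; do
    if web_update_enabled "$conf"; then
        echo "EXPOSED: $conf allows updates from the browser"
    else
        echo "ok: $conf"
    fi
done
echo "requests carrying 'migrate': $(count_migrate_requests "$demo_dir/access.log")"
```

On a real system, point the two functions at the site's own AWStats configuration files and web server access logs instead of the constructed samples.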

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
awstats
Ubuntu 5.04
awstats

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
