Ubuntu Security Notice USN-285-1
23rd May, 2006
awstats vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.10
- Ubuntu 5.04
Details
AWStats did not properly sanitize the 'migrate' CGI parameter. If the
update of the stats via web front-end is allowed, a remote attacker
could execute arbitrary commands on the server with the privileges of
the AWStats server.
This does not affect AWStats installations which only build static
pages.
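A defender-side check for the condition described above, added here as an example and not part of the original notice or of AWStats: it reports whether a configuration enables browser-triggered updates (the AWStats directive AllowToUpdateStatsFromBrowser) and lists access-log requests to awstats.pl that carry a 'migrate' parameter. The sample configuration and log lines are constructed, and treating an unset directive as disabled is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample inputs (not taken from a real system).
SAMPLE_CONF = """\
LogFile="/var/log/apache2/access.log"
#AllowToUpdateStatsFromBrowser=0
AllowToUpdateStatsFromBrowser=1
"""
SAMPLE_LOG = [
    '192.0.2.10 - - [23/May/2006:10:00:01 +0000] "GET /cgi-bin/awstats.pl?config=example HTTP/1.1" 200 5120',
    '192.0.2.77 - - [23/May/2006:10:02:13 +0000] "GET /cgi-bin/awstats.pl?config=example&migrate=PLACEHOLDER HTTP/1.1" 200 731',
    '192.0.2.10 - - [23/May/2006:10:03:40 +0000] "GET /index.html?migrate=1 HTTP/1.1" 200 1024',
]

# Uncommented directive line, value optionally quoted.
DIRECTIVE = re.compile(r'^\s*AllowToUpdateStatsFromBrowser\s*=\s*"?(\d+)"?')
# Request target from a common/combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def browser_update_enabled(conf_text):
    """True if the last uncommented directive sets a non-zero value.
    Assumption: an unset directive means updates from the browser are off."""
    enabled = False
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            enabled = int(m.group(1)) != 0
    return enabled

def migrate_requests(log_lines):
    """Return (client, request_target) for awstats.pl hits carrying 'migrate'."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith("awstats.pl"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if any(name.lower() == "migrate" for name in params):
            hits.append((line.split()[0], m.group(1)))
    return hits

if __name__ == "__main__":
    print("browser update enabled:", browser_update_enabled(SAMPLE_CONF))
    for client, target in migrate_requests(SAMPLE_LOG):
        print("review:", client, target)
```

Hosts where the first check is true and the second returns entries from before the package update are the ones to review first.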
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.10:
  - awstats
- Ubuntu 5.04:
  - awstats
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.