awstats -- arbitrary code execution vulnerability

ID E86FBB5F-0D04-11DA-BC08-0001020EED82
Type freebsd
Reporter FreeBSD
Modified 2005-08-23T00:00:00


An iDEFENSE Security Advisory reports:

Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands. The problem specifically exists because of insufficient input filtering before passing user-supplied data to an eval() function. As part of the statistics reporting function, AWStats displays information about the most common referrer values that caused users to visit the website. The referrer data is used without proper sanitation in an eval() statement, resulting in the execution of arbitrary perl code. Successful exploitation results in the execution of arbitrary commands with permissions of the web service. Exploitation will not occur until the stats page has been regenerated with the tainted referrer values from the http access log. Note that AWStats is only vulnerable in situations where at least one URLPlugin is enabled.