AWStats awstats.pl PluginMode Parameter Arbitrary Command Execution

2005-02-14T10:10:35
ID OSVDB:13832
Type osvdb
Reporter ghc(ghc@ghc.ru)
Modified 2005-02-14T10:10:35

Description

Vulnerability Description

AWStats contains a flaw that may allow a malicious user to issue arbitrary commands under the webserver privileges. The issue is triggered when passing perl commands to the 'PluginMode' variable of the awstats.pl script via a colon (:) character. It is possible that the flaw may allow execution of arbitrary commands resulting in a loss of integrity.

Solution Description

Upgrade to version 6.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

AWStats contains a flaw that may allow a malicious user to issue arbitrary commands under the webserver privileges. The issue is triggered when passing perl commands to the 'PluginMode' variable of the awstats.pl script via a colon (:) character. It is possible that the flaw may allow execution of arbitrary commands resulting in a loss of integrity.

Manual Testing Notes

http://[target]/cgi-bin/awstats-6.4/awstats.pl?&PluginMode=:print+getpwent

References:

Vendor URL: http://awstats.sourceforge.net/ Vendor Specific Advisory URL Secunia Advisory ID:14299 Related OSVDB ID: 13834 Related OSVDB ID: 13831 Related OSVDB ID: 13833 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-02/0163.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-02/0151.html Generic Exploit URL: http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf CVE-2005-0436 CERT VU: 259785