lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050216074522.12941.qmail@www.securityfocus.com>
Date: 16 Feb 2005 07:45:22 -0000
From: K-OTiK Security <Special-Alerts@...tik.com>
To: bugtraq@...urityfocus.com
Subject: Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?


In-Reply-To: <42126DAD.7090704@...wich.edu>


6.4 was released on 2005-02-14 13:13

Fixes:
- Fix security hole that allowed a user to read log file content even
  when plugin rawlog was not enabled.
- Fix a possible use of AWStats for a DoS attack.
- configdir option was broken on windows servers.
- Minor fixes

Regards
K-OTik Security Research & Monitoring Team 24/7
http://www.k-otik.com/english



>Still no dice on 6.3, even with the "config=www.site.org" etc,etc.. same 
>error. So.. Can we all agree that 6.3 is not vulnerable, because I'd 
>rather not upgrade to a dev/unstable release for no reason...
>
>regards,
>jamie


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ