lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050811214309.GA27490@piware.de>
Date: Thu, 11 Aug 2005 23:43:10 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-167-1] AWStats vulnerability

===========================================================
Ubuntu Security Notice USN-167-1	    August 11, 2005
awstats vulnerability
CAN-2005-1527
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

awstats

The problem can be corrected by upgrading the affected package to
version 6.3-1ubuntu0.1.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Peter Vreugdenhil discovered a command injection vulnerability in
AWStats. As part of the statistics reporting function, AWStats
displays information about the most common referrer values that caused
users to visit the website. Referer URLs could be crafted in a way
that they contained arbitrary Perl code which would have been executed
with the privileges of the web server as soon as some user visited the
referrer statistics page.


  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.3-1ubuntu0.1.diff.gz
      Size/MD5:    24959 f6170f04b4fd207198e9dc196ee75e4f
    http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.3-1ubuntu0.1.dsc
      Size/MD5:      595 5d41b190ad3cb0de8df1269026a08be7
    http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.3.orig.tar.gz
      Size/MD5:   938794 edb73007530a5800d53b9f1f90c88053

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.3-1ubuntu0.1_all.deb
      Size/MD5:   726224 5a22e9eb2c651f1815dc9929bef53496

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ