[users] Security alert for DAGs awstats
Chris Croome
chris at webarchitects.co.uk
Mon Jul 3 14:36:26 CEST 2006
Hi
I just came across this:
CVE-2006-2237
The web interface for AWStats 6.4 and 6.5, when statistics updates are
enabled, allows remote attackers to execute arbitrary code via shell
metacharacters in the migrate parameter.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2237
Which links to this:
Version 6.6 or higher (safe from any known exploits)
http://awstats.sourceforge.net/awstats_security_news.php
Any chance that 6.6 could be packaged to update the vunerable versions?
http://dag.wieers.com/packages/awstats/
Thanks
Chris
--
Chris Croome <chris at webarchitects.co.uk>
web design http://www.webarchitects.co.uk/
web content management http://mkdoc.com/
More information about the users
mailing list