Family: SuSE Local Security Checks --> Category: infos
SUSE-SA:2006:033: awstats Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the awstats package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory SUSE-SA:2006:033 (awstats).
This update fixes remote code execution vulnerabilities in the WWW
statistical analyzer awstats.
Since back porting awstats fixes is error prone we have upgraded it
to upstream version 6.6 which also includes new features.
Following security issues were fixed:
- CVE-2006-2237: missing sanitizing of the 'migrate' parameter. #173041
- CVE-2006-2644: missing sanitizing of the 'configdir' parameter. #173041
- Make sure open() only opens files for read/write by adding explicit <
Solution : http://www.suse.de/security/http://www.novell.com/linux/security/advisories/2006_33_awstats.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.