|
Family: Debian Local Security Checks --> Category: infos
[DSA892] DSA-892-1 awstats Vulnerability Scan
Vulnerability Scan Summary DSA-892-1 awstats
Detailed Explanation for this Vulnerability Test
Peter Vreugdenhil discovered that awstats, a featureful web server log
analyser, passes user-supplied data to an eval() function, allowing
remote attackers to execute arbitrary Perl commands.
The old stable distribution (woody) is not affected by this problem.
For the stable distribution (sarge) this problem has been fixed in
version 6.4-1sarge1.
For the unstable distribution (sid) this problem has been fixed in
version 6.4-1.1.
We recommend that you upgrade your awstats package.
Solution : http://www.debian.org/security/2005/dsa-892
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|