[users] Security alert for DAGs awstats

Chris Croome chris at webarchitects.co.uk
Mon Jul 3 14:36:26 CEST 2006


Hi

I just came across this:

  CVE-2006-2237

  The web interface for AWStats 6.4 and 6.5, when statistics updates are
  enabled, allows remote attackers to execute arbitrary code via shell
  metacharacters in the migrate parameter.

  http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2237

Which links to this:

  Version 6.6 or higher (safe from any known exploits)

  http://awstats.sourceforge.net/awstats_security_news.php

Any chance that 6.6 could be packaged to update the vunerable versions?

  http://dag.wieers.com/packages/awstats/

Thanks

Chris

-- 
Chris Croome                               <chris at webarchitects.co.uk>
web design                             http://www.webarchitects.co.uk/ 
web content management                               http://mkdoc.com/   



More information about the users mailing list