AWStats Remote Command Execution Vulnerability (configdir)

**bornonline** · 01-18-2005 09:04 AM

Analysis:
Successful exploitation allows remote attackers to execute arbitrary commands under the privileges of the web server. This can lead to further compromise as it provides remote attackers with local
access.
AwStats Vuln

Is this a global config or will it need to be changed for each domain?

**projectandrew** · 01-18-2005 09:29 AM

cPanel has AWstats 6.2 installed, which is the current stable version. The author has only released 6.3 as a development release.

It should be possible to centrally upgrade awstats.

http://secunia.com/advisories/13893/

Solution:
Update to version 6.3.
http://awstats.sourceforge.net/#DOWNLOAD

**projectandrew** · 01-18-2005 09:33 AM

You could follow this link, and adjust for 6.3:

http://forums.cpanel.net/showthread....pgrade+awstats

**bornonline** · 01-18-2005 09:53 AM

Thanks for the link man!

LinkBack

Thread Tools

AWStats Remote Command Execution Vulnerability (configdir)

how does awstats execution get scheduled?

cron execution command

Clam AntiVirus DoS Vulnerability & Remote code execution

AWStats 6.x Multiple Remote Command Execution (Shell) Exploit