Quoting Geoff Crompton ([EMAIL PROTECTED]):
> The most recent vulnerability that I was aware of in Awstats can still
> work even in static mode. http://www.securityfocus.com/bid/14525. The
> referrer in the log file is not sanity checked.
Hmm. I note: "It should be noted this vulnerability is only possible
if the affected application has at least one URLPlugin enabled."
The iDefense advisory casts light on the problem Perl snippet:
the $url parameter contains unfiltered user-supplied
data that is used in a call to the Perl routine eval() on lines 4841
and 4842 of awstats.pl (version 6.4):
my $function="ShowInfoURL_$pluginname('$url')";
eval("$function");
The malicious referrer value will be included in the referrer
statistics portion of the AWStats report after AWStats has been run
to generate a new report including the tainted data. Once a user
visits the referrer statistics page, the injected perl code will
execute with permissions of the web service.
Unsafe data passed to eval(). Sheesh!
> I would agree with that idea. In fact, I've just lodged a bug report
> along those lines. Bug #341308.
Thank you, Geoff!
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
