FreeBSD : awstats -- arbitrary code execution vulnerability (e86fbb5f-0d04-11da-bc08-0001020eed82)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

An iDEFENSE Security Advisory reports :

Remote exploitation of an input validation vulnerability in AWStats
allows remote attackers to execute arbitrary commands.

The problem specifically exists because of insufficient input
filtering before passing user-supplied data to an eval() function. As
part of the statistics reporting function, AWStats displays
information about the most common referrer values that caused users to
visit the website. The referrer data is used without proper sanitation
in an eval() statement, resulting in the execution of arbitrary perl
code.

Successful exploitation results in the execution of arbitrary commands
with permissions of the web service. Exploitation will not occur until
the stats page has been regenerated with the tainted referrer values
from the http access log. Note that AWStats is only vulnerable in
situations where at least one URLPlugin is enabled.

See also :

http://marc.info/?l=full-disclosure&m=112377934108902
http://www.nessus.org/u?21540da6
http://www.nessus.org/u?ee3dbd92

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21528 (freebsd_pkg_e86fbb5f0d0411dabc080001020eed82.nasl)

Bugtraq ID:

CVE ID: CVE-2005-1527