FreeBSD : awstats -- remote command execution vulnerability (0f5a2b4d-694b-11d9-a9e7-0001020eed82)

high Nessus Plugin ID 18840

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

An iDEFENSE Security Advisory reports :

Remote exploitation of an input validation vulnerability in AWStats allows attackers to execute arbitrary commands under the privileges of the web server.

The problem specifically exists when the application is running as a CGI script on a web server. The 'configdir' parameter contains unfiltered user-supplied data that is utilized in a call to the Perl routine open()...

Successful exploitation allows remote attackers to execute arbitrary commands under the privileges of the web server. This can lead to further compromise as it provides remote attackers with local access.

Solution

Update the affected package.

See Also

https://marc.info/?l=full-disclosure&m=110600949323439

https://awstats.sourceforge.io/docs/awstats_changelog.txt

http://www.nessus.org/u?020e4b8e

http://www.nessus.org/u?77ccfd06

Plugin Details

Severity: High

ID: 18840

File Name: freebsd_pkg_0f5a2b4d694b11d9a9e70001020eed82.nasl

Version: 1.24

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:awstats, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/18/2005

Vulnerability Publication Date: 10/21/2004

Exploitable With

Metasploit (AWStats configdir Remote Command Execution)

Reference Information

CVE: CVE-2005-0116

BID: 12270

CWE: 20

CERT: 272296