FreeBSD : awstats -- arbitrary code execution vulnerability (e86fbb5f-0d04-11da-bc08-0001020eed82)

medium Nessus Plugin ID 21528

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

An iDEFENSE Security Advisory reports:

Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands.

The problem specifically exists because of insufficient input filtering before passing user-supplied data to an eval() function. As part of the statistics reporting function, AWStats displays information about the most common referrer values that caused users to visit the website. The referrer data is used without proper sanitation in an eval() statement, resulting in the execution of arbitrary Perl code.

Successful exploitation results in the execution of arbitrary commands with permissions of the web service. Exploitation will not occur until the stats page has been regenerated with the tainted referrer values from the HTTP access log. Note that AWStats is only vulnerable in situations where at least one URLPlugin is enabled.

Solution

Update the affected package.

See Also

https://marc.info/?l=full-disclosure&m=112377934108902

https://www.verisign.com/en_US/security-services/index.xhtml

http://www.nessus.org/u?2e318f44

Plugin Details

Severity: Medium

ID: 21528

File Name: freebsd_pkg_e86fbb5f0d0411dabc080001020eed82.nasl

Version: 1.18

Type: local

Published: 5/13/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:awstats, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 8/14/2005

Vulnerability Publication Date: 8/9/2005

Reference Information

CVE: CVE-2005-1527