SUSE-SA:2006:033: awstats

This script is Copyright (C) 2007-2010 Tenable Network Security, Inc.

Synopsis :

The remote host is missing a vendor-supplied security patch

Description :

The remote host is missing the patch for the advisory SUSE-SA:2006:033 (awstats).

This update fixes remote code execution vulnerabilities in the WWW
statistical analyzer awstats.

Since back porting awstats fixes is error prone we have upgraded it
to upstream version 6.6 which also includes new features.

Following security issues were fixed:
- CVE-2006-2237: missing sanitizing of the 'migrate' parameter. #173041
- CVE-2006-2644: missing sanitizing of the 'configdir' parameter. #173041
- Make sure open() only opens files for read/write by adding explicit <
and >.

Solution :

Risk factor :


Family: SuSE Local Security Checks

Nessus Plugin ID: 24414 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now