FreeBSD : awstats -- remote command execution vulnerability (0f5a2b4d-694b-11d9-a9e7-0001020eed82)
High Nessus Plugin ID 18840
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionAn iDEFENSE Security Advisory reports :
Remote exploitation of an input validation vulnerability in AWStats allows attackers to execute arbitrary commands under the privileges of the web server.
The problem specifically exists when the application is running as a CGI script on a web server. The 'configdir' parameter contains unfiltered user-supplied data that is utilized in a call to the Perl routine open()...
Successful exploitation allows remote attackers to execute arbitrary commands under the privileges of the web server. This can lead to further compromise as it provides remote attackers with local access.
SolutionUpdate the affected package.