High Nessus Plugin ID 24414
SynopsisThe remote host is missing a vendor-supplied security patch
DescriptionThe remote host is missing the patch for the advisory SUSE-SA:2006:033 (awstats).
This update fixes remote code execution vulnerabilities in the WWW statistical analyzer awstats.
Since back porting awstats fixes is error prone we have upgraded it to upstream version 6.6 which also includes new features.
Following security issues were fixed:
- CVE-2006-2237: missing sanitizing of the 'migrate' parameter. #173041
- CVE-2006-2644: missing sanitizing of the 'configdir' parameter. #173041
- Make sure open() only opens files for read/write by adding explicit < and >.