Signature Detail

HTTP: AWStats Remote Arbitrary Command Execution

This signature detects attempts to exploit a known vulnerability against AWStats. A successful attack can lead to arbitrary code execution.

Extended Description

AWStats is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to execute arbitrary shell commands in the context of the webserver process. This may help attackers compromise the underlying system; other attacks are also possible.

Affected Products

• Awstats awstats 6.5 -1
• Debian linux 3.1.0
• Debian linux 3.1.0 Alpha
• Debian linux 3.1.0 Amd64
• Debian linux 3.1.0 Arm
• Debian linux 3.1.0 Hppa
• Debian linux 3.1.0 Ia-32
• Debian linux 3.1.0 Ia-64
• Debian linux 3.1.0 M68k
• Debian linux 3.1.0 Mips
• Debian linux 3.1.0 Mipsel
• Debian linux 3.1.0 Ppc
• Debian linux 3.1.0 S/390
• Debian linux 3.1.0 Sparc
• Gentoo linux
• Suse linux_personal 10.0.0 OSS
• Suse linux_personal 10.1
• Suse linux_personal 9.1.0
• Suse linux_personal 9.1.0 X86 64
• Suse linux_personal 9.2.0
• Suse linux_personal 9.2.0 X86 64
• Suse linux_personal 9.3.0
• Suse linux_personal 9.3.0 X86 64
• Suse linux_professional 10.0.0
• Suse linux_professional 10.0.0 OSS
• Suse linux_professional 10.1
• Suse linux_professional 9.1.0
• Suse linux_professional 9.1.0 X86 64
• Suse linux_professional 9.2.0
• Suse linux_professional 9.2.0 X86 64
• Suse linux_professional 9.3.0
• Suse linux_professional 9.3.0 X86 64
• Ubuntu ubuntu_linux 5.0.0 4 Amd64
• Ubuntu ubuntu_linux 5.0.0 4 I386
• Ubuntu ubuntu_linux 5.0.0 4 Powerpc
• Ubuntu ubuntu_linux 5.10.0 Amd64
• Ubuntu ubuntu_linux 5.10.0 I386
• Ubuntu ubuntu_linux 5.10.0 Powerpc

References

• BugTraq: 17844
• CVE: CVE-2006-2237
• URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365909
• URL: http://awstats.sourceforge.net/awstats_security_news.php