- Committer: Bazaar Package Importer
- Date: 2005-02-11 13:07:58 UTC
- Revision ID: james.westby@ubuntu.com-20050211130758-ihj9iqvimh3alo4v
* SECURITY UPDATE: fix more arbitrary command execution vulnerabilities
* wwwroot/cgi-bin/awstats.pl: remove all non-path characters from the
"config", "logfile", "pluginmode", "loadplugin", and "noloadplugin"
parameters (which are defined by the remote user) to prevent execution of
arbitrary shell commands through shell metacharacters.
* References:
similar to CAN-2005-0116
http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf
* wwwroot/cgi-bin/awstats.pl: remove all non-path characters from the
"config", "logfile", "pluginmode", "loadplugin", and "noloadplugin"
parameters (which are defined by the remote user) to prevent execution of
arbitrary shell commands through shell metacharacters.
* References:
similar to CAN-2005-0116
http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf
| Filename | Latest Rev | Last Changed | Committer | Comment | Size | ||
|---|---|---|---|---|---|---|---|
 .. |
|||||||
debian
|
2 | 20 years ago | Bazaar Package Importer | Really fix bug#247265. Really closes: Bug#247265 ( |
|
||
|
docs
|
1 | 20 years ago | Bazaar Package Importer | Import upstream version 6.0 |
|
||
|
tools
|
1 | 20 years ago | Bazaar Package Importer | Import upstream version 6.0 |
|
||
|
wwwroot
|
1 | 20 years ago | Bazaar Package Importer | Import upstream version 6.0 |
|
||
README.TXT |
1 | 20 years ago | Bazaar Package Importer | Import upstream version 6.0 | 6.3 KB |
|
|