Package: awstats
Version: 6.2-1.1
Severity: grave
Tags: security
Justification: user security hole

The arbitrary command execution problem in the 6.2 release is composed
of several vulnerabilities.
Sarge and sid are affected.

The two known as
-configdir
-update
are solved in this version but there is another one called
-pluginmode

And I have checked that the current version is vulnerable.
More information can be found on:
http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf

Thanks in advance

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)

Versions of packages awstats depends on:
ii  perl [libstorable-perl]       5.8.4-6    Larry Wall's Practical Extraction 

-- no debconf information

