Gentoo's Bugzilla – Attachment 87626 Details for
Bug 130487
net-www/awstats - multiple vulnerabilities (CVE-2006-1945|2237)
[patch]
awstats-6.5-CVE-2006-2237-CVE-2006-1945.diff
awstats-6.5-CVE-2006-2237-CVE-2006-1945.diff (text/plain), 5.63 KB, created by
Jakub Moc (RETIRED)
on 2006-05-27 03:48:23 UTC
Description:
awstats-6.5-CVE-2006-2237-CVE-2006-1945.diff
Filename:
MIME Type:
Creator:
Jakub Moc (RETIRED)
Created:
2006-05-27 03:48:23 UTC
Size:
5.63 KB
patch
obsolete
>--- awstats-6.5.orig/wwwroot/cgi-bin/awstats.pl 2005-11-24 15:11:19.000000000 -0500
>+++ awstats-6.5/wwwroot/cgi-bin/awstats.pl 2006-05-06 17:34:13.000000000 -0400
>@@ -5534,7 +5534,7 @@
> $QueryString =~ s/&/&/g;
> }
>
>- $QueryString = CleanFromCSSA($QueryString);
>+ $QueryString = CleanFromCSSA(&DecodeEncodedString($QueryString));
>
> # Security test
> if ($QueryString =~ /LogFile=([^&]+)/i) { error("Logfile parameter can't be overwritten when AWStats is used from a CGI"); }
>@@ -5542,7 +5542,7 @@
> # No update but report by default when run from a browser
> $UpdateStats=($QueryString=~/update=1/i?1:0);
>
>- if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&DecodeEncodedString("$1"); }
>+ if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize(&DecodeEncodedString("$1")); }
> if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons=&DecodeEncodedString("$1"); }
> if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); }
> if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }
>@@ -5561,7 +5561,7 @@
>
> # If migrate
> if ($QueryString =~ /(^|-|&|&)migrate=([^&]+)/i) {
>- $MigrateStats=&DecodeEncodedString("$2");
>+ $MigrateStats=&Sanitize(&DecodeEncodedString("$2"));
> $MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;
> $SiteConfig=$5?$5:'xxx'; $SiteConfig =~ s/^\.//; # SiteConfig is used to find config file
> }
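Review bot: Decoding the whole query string before `CleanFromCSSA` at `@@ -5534` means every value is now decoded twice, because the per-parameter lines that follow (`config=`, `diricons=`, `pluginmode=`, `configdir=`, `migrate=`) still call `&DecodeEncodedString("$1")` on text that was already decoded here. A double-encoded value therefore passes `CleanFromCSSA` and the `LogFile=` security test in its once-decoded form and only takes its final shape afterwards, so for any parameter without a `Sanitize` call the cleaning step is no longer the last transformation. I would decode exactly once, either by dropping the later per-parameter `DecodeEncodedString` calls in this branch or by filtering each value after its final decode, and record the intent with a comment such as `# decode once, before any filtering or security test`. The bodies of `CleanFromCSSA` and `DecodeEncodedString` are outside the hunk, so this assumes the decoder performs ordinary percent-decoding.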
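Review bot: `diricons` is now the only parameter in the `@@ -5542` group that is decoded but never passed through `Sanitize`, and the command-line branch at `@@ -5591` leaves `$DirIcons="$1"` raw in the same way. If `$DirIcons` ends up in generated HTML or in a path (its use is not visible in these hunks), it deserves the same treatment as its neighbours: `$DirIcons=&Sanitize(&DecodeEncodedString("$1"));` here and `$DirIcons=&Sanitize("$1");` in the command-line branch. If it is deliberately exempt, a one-line comment saying why would keep the group from looking like an oversight.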
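Review bot: The result of the `$MigrateStats =~ /^(.*)$PROG…\.txt$/` match in the `@@ -5561` hunk is never tested, so a sanitized `migrate` value that does not look like a history file name still continues, apparently with `$SiteConfig` set to `'xxx'`. Since the value names a file to be processed, I would reject it at this point by appending `or error("Invalid migrate parameter");` to the match line (message text is a suggestion). `$PROG` is also interpolated into the pattern unquoted, so `\Q$PROG\E` would be the safer form. Which characters `Sanitize` removes when called without its second argument is not visible here, so a short comment stating whether directory separators survive would help the next reviewer.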
>@@ -5591,7 +5591,7 @@
> # Update with no report by default when run from command line
> $UpdateStats=1;
>
>- if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig="$1"; }
>+ if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize("$1"); }
> if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons="$1"; }
> if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize("$1",1); }
> if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize("$1"); }
>Index: awstats-6.5/wwwroot/cgi-bin/awstats.pl
>===================================================================
>--- awstats-6.5.orig/wwwroot/cgi-bin/awstats.pl 2006-05-05 16:43:12.000000000 -0400
>+++ awstats-6.5/wwwroot/cgi-bin/awstats.pl 2006-05-06 17:26:10.000000000 -0400
>@@ -1131,7 +1131,7 @@
> my $configdir=shift;
> my @PossibleConfigDir=();
>
>- if ($configdir) { @PossibleConfigDir=("$configdir"); }
>+ if ($configdir && $ENV{"AWSTATS_ENABLE_CONFIG_DIR"}) { @PossibleConfigDir=("$configdir"); }
> else { @PossibleConfigDir=("$DIR","/etc/awstats","/usr/local/etc/awstats","/etc","/etc/opt/awstats"); }
>
> # Open config file
>diff -urN awstats-6.5.orig/tools/awstats_buildstaticpages.pl awstats-6.5/tools/awstats_buildstaticpages.pl
>--- awstats-6.5.orig/tools/awstats_buildstaticpages.pl 2005-08-23 15:56:35.000000000 -0400
>+++ awstats-6.5/tools/awstats_buildstaticpages.pl 2006-01-04 00:58:20.490613529 -0500
>@@ -75,7 +75,7 @@
> # Return: None
> #------------------------------------------------------------------------------
> sub error {
>- print "Error: $_[0].\n";
>+ print STDERR "Error: $_[0].\n";
> exit 1;
> }
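Review bot: When `configdir` is supplied but `AWSTATS_ENABLE_CONFIG_DIR` is unset, the `@@ -1131` test silently discards the request and falls through to the default directory list, and because the same sub presumably serves command-line runs, users who pass `configdir` there lose it as well. The caller gets no hint that a different directory was searched, so a config of the same name in `/etc/awstats` or another default location could be picked up instead. I would emit a warning in that case, or at least document the switch next to the test, e.g. `# configdir is honoured only when the administrator sets AWSTATS_ENABLE_CONFIG_DIR in the server environment`. The enclosing sub starts and ends outside the hunk.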
>
>@@ -95,7 +95,7 @@
> # print "$messagestring<br />\n";
> # }
> # else {
>- print "$messagestring\n";
>+ print STDERR "$messagestring\n";
> # }
> # }
> }
>diff -urN awstats-6.5.orig/tools/awstats_configure.pl awstats-6.5/tools/awstats_configure.pl
>--- awstats-6.5.orig/tools/awstats_configure.pl 2005-04-22 13:34:05.000000000 -0400
>+++ awstats-6.5/tools/awstats_configure.pl 2006-01-04 00:58:24.987002812 -0500
>@@ -87,7 +87,7 @@
> # error
> #-------------------------------------------------------
> sub error {
>- print "Error: $_[0].\n";
>+ print STDERR "Error: $_[0].\n";
> exit 1;
> }
>
>diff -urN awstats-6.5.orig/tools/awstats_exportlib.pl awstats-6.5/tools/awstats_exportlib.pl
>--- awstats-6.5.orig/tools/awstats_exportlib.pl 2003-12-05 18:53:38.000000000 -0500
>+++ awstats-6.5/tools/awstats_exportlib.pl 2006-01-04 00:58:30.769217454 -0500
>@@ -93,8 +93,8 @@
> my $thirdmessage=shift||"";
> my $donotshowsetupinfo=shift||0;
> if ($Debug) { debug("$message $secondmessage $thirdmessage",1); }
>- print "$message";
>- print "\n";
>+ print STDERR "$message";
>+ print STDERR "\n";
> exit 1;
> }
>
>diff -urN awstats-6.5.orig/tools/awstats_updateall.pl awstats/tools/awstats_updateall.pl
>--- awstats-6.5.orig/tools/awstats_updateall.pl 2005-04-22 13:34:05.000000000 -0400
>+++ awstats-6.5/tools/awstats_updateall.pl 2006-01-04 00:58:34.910654953 -0500
>@@ -36,7 +36,7 @@
> # Return: None
> #------------------------------------------------------------------------------
> sub error {
>- print "Error: $_[0].\n";
>+ print STDERR "Error: $_[0].\n";
> exit 1;
> }
>
>diff -urN awstats-6.5.orig/tools/logresolvemerge.pl awstats-6.5/tools/logresolvemerge.pl
>--- awstats-6.5.orig/tools/logresolvemerge.pl 2005-12-04 16:10:46.000000000 -0500
>+++ awstats-6.5/tools/logresolvemerge.pl 2006-01-04 00:58:38.552160356 -0500
>@@ -104,7 +104,7 @@
> # Return: None
> #------------------------------------------------------------------------------
> sub error {
>- print "Error: $_[0].\n";
>+ print STDERR "Error: $_[0].\n";
> exit 1;
> }
>
>@@ -133,7 +133,7 @@
> sub warning {
> my $messagestring=shift;
> if ($Debug) { debug("$messagestring",1); }
>- print "$messagestring\n";
>+ print STDERR "$messagestring\n";
> }
>
> #-----------------------------------------------------------------------------
>diff -urN awstats-6.5.orig/tools/maillogconvert.pl awstats-6.5/tools/maillogconvert.pl
>--- awstats-6.5.orig/tools/maillogconvert.pl 2005-04-22 13:34:05.000000000 -0400
>+++ awstats-6.5/tools/maillogconvert.pl 2006-01-04 00:58:42.465628823 -0500
>@@ -56,7 +56,7 @@
> #-------------------------------------------------------
>
> sub error {
>- print "Error: $_[0].\n";
>+ print STDERR "Error: $_[0].\n";
> exit 1;
> }
>