| Summary: | net-www/awstats exploit | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | bin-doph <bauer> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | | |
| Severity: | critical | CC: | beu, ka0ttic |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.frsirt.com/english/advisories/2005/0032 | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
bin-doph
2005-05-10 02:50:45 UTC
Aaron please advise.

This is the source of the exploit-shell. Not only the configdir-parameter is unsecure... changing the name of the cgi-bin is also a workaround.

http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=3397

Tested with both 6.3-r2 and 6.4 with the poc code[1], and by hand. We're clean.

[1] http://www.frsirt.com/exploits/20050302.awstats_shell.c.php

Closing as INVALID. Feel free to reopen if you disagree.