Mandriva Update For Awstats MDVSA-2011:033 (awstats) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Multiple vulnerabilities has been found and corrected in awstats: awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server (CVE-2010-4367). Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory (CVE-2010-4369). The updated packages have been upgraded to the latest version to address these vulnerabilities.

Affected

awstats on Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64

Severity

Classification

CVE CVE-2010-4367, CVE-2010-4369
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:153 (dhcp)
Mandrake Security Advisory MDVSA-2009:019 (imlib2)
Mandrake Security Advisory MDVSA-2009:050-1 (python-pycrypto)
Mandrake Security Advisory MDVSA-2009:151 (dhcp)
Mandrake Security Advisory MDVSA-2009:030 (amarok)

Mandriva Update for awstats MDVSA-2011:033 (awstats)

Take action and discover your vulnerabilities