AWStats did not properly sanitize the ‘migrate’ CGI parameter. If the update of the stats via web front-end is allowed, a remote attacker could execute arbitrary commands on the server with the privileges of the AWStats server.
This does not affect AWStats installations which only build static pages.
23 May 2006
A security issue affects these releases of Ubuntu and its derivatives:
AWStats did not properly sanitize the ‘migrate’ CGI parameter. If the update of the stats via web front-end is allowed, a remote attacker could execute arbitrary commands on the server with the privileges of the AWStats server.
This does not affect AWStats installations which only build static pages.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
Vulmon