FreeBSD Ports: awstats

The remote host is missing an update to the system as announced in the referenced advisory.

The following package is affected: awstats CVE-2005-0362 awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) 'pluginmode', (2) 'loadplugin', or (3) 'noloadplugin' parameters. CVE-2005-0363 awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter. CVE-2005-0435 awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog. CVE-2005-0436 Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter. CVE-2005-0437 Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. (dot dot) sequences in the loadplugin parameter. CVE-2005-0438 awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter.

Update your system with the appropriate patches or software upgrades. http://awstats.sourceforge.net/docs/awstats_changelog.txt http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=294488 http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf http://marc.theaimsgroup.com/?l=bugtraq&m=110840530924124 http://www.vuxml.org/freebsd/fdad8a87-7f94-11d9-a9e7-0001020eed82.html