Mandriva Update For Awstats MDVSA-2011:033 (awstats) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Multiple vulnerabilities has been found and corrected in awstats: awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server (CVE-2010-4367). Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory (CVE-2010-4369). The updated packages have been upgraded to the latest version to address these vulnerabilities.

Affected

awstats on Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64

Severity

Classification

CVE CVE-2010-4367, CVE-2010-4369

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:165 (ghostscript)
Mandrake Security Advisory MDVSA-2009:085 (gstreamer0.10-plugins-base)
Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)
Mandrake Security Advisory MDVSA-2009:106 (libwmf)
Mandrake Security Advisory MDVSA-2009:146 (imap)

Mandriva Update for awstats MDVSA-2011:033 (awstats)

Take action and discover your vulnerabilities