[plug] NOTE: serious security flaw in AwStats
Sol Hanna
sol at autonomon.net
Wed Feb 16 20:48:16 WST 2005
I just got cracked. :'( Not too badly, but it could have been worse.
I just went to do an upgrade on my Debian server (which does have the a
security mirror in sources.list) and noted that even Debian doesn't have
the most recent security upgrade for AwStats. It's a fairly new problem
so I thought I had better warn any users of AwStats that there is a
major vulnerability which allows code to be sent to be executed through
the webserver. Slashdot has some info and links here:
http://it.slashdot.org/article.pl?sid=05/02/08/1834203&tid=172&tid=156
Hope this helps somebody.....
/sol
More information about the plug
mailing list