Hi, I installed awstats myself and therefore did not recognize that it is vulnerable (via the YOU run). I'm afraid this night someone exploited this vulnerability. I found this log in my error_log ... [Thu Feb 24 02:00:44 2005] [error] [client 213.186.57.179] script not found or unable to stat: /usr/local/httpd/cgi-bin/awstats.pl sh: line 1: /awstats.ipi207.ipi.uni-hannover.de.conf: No such file or directory --02:05:09-- http://sm3naru.net/n.tgz => `n.tgz' Resolving sm3naru.net... done. Connecting to sm3naru.net[217.160.226.79]:80... connected. HTTP request sent, awaiting response... 200 OK Length: 83,851 [text/plain] 0K .......... .......... .......... .......... .......... 61% 134.77 KB/s 50K .......... .......... .......... . 100% 10.38 MB/s 02:05:09 (218.95 KB/s) - `n.tgz' saved [83851/83851] ... n.tgz contains some icq-server scripts Can someone confirm that this is a exploitation of the awstats-error??? Why it is logged in the apache error-log? Thanks, Markus Thomas Biege wrote:
On Tue, Feb 08, 2005 at 11:29:50AM -0800, Dimitar Slavov wrote:
Hello:
Hello.
Is there any patch released for the awstats remote command execution vulerability from Jan 17th?
More info here: http://lists.netsys.com/pipermail/full-disclosure/2005-January/031002.html
New packages were released jan 25.
please use YOU or check our web site.