AWStats Exploits on Apache/Linux


It looks like a vulnerability in the AWStats tool that runs on Apache is causing some trouble for people who aren't patched to the latest version. I wouldn't mention it normally as this runs on Linux, but I've seen at least one person whose blog server was attacked and I want to make sure that people running Apache servers patch themselves against this. (There's a warning you should read on the AWStats site.) I've seen a couple of bizarre redirects the last couple of days and I suspect this might have something to do with it. Here's a link to some SANS coverage of this exploit.


Comments (2)
  1. Norman Diamond says:

    > I wouldn’t mention it normally as this runs

    > on Linux,

    And what is said on the AWStats page that you linked to:

    > It uses a partial information file to be

    > able to process large log files, often and

    > quickly. It can analyze log files from IIS

    > (W3C log format), Apache log files […]

    Your reason for not mentioning it normally is that IIS and Apache (and maybe the others) run on Linux? Anyone know of any other platforms where IIS and Apache (and maybe the others) are also capable of running? That’s why you mentioned it abnormally, right? Sigh.

  2. An other not satisfied IIS user says:

    AWStats does not work only on Apache/Linux, but on all OSes and servers. The hole also occurs on IIS and Windows Server, and of course my IIS server was hacked again…

    If using Apache, the CGI is run with the permissions of the user nobody, so only some files can be defaced, but as a Windows user on a FAT partition, the hole allows hackers to do everything on my server.

    So if you use IIS, be very careful to upgrade to the latest version, because the problem and the risk are more serious on Windows/IIS platforms…

Comments are closed.