USN-686-1: AWStats vulnerability


 
Old 12-03-2008

Referenced CVEs:
CVE-2008-3714


Description:
===========================================================
Ubuntu Security Notice USN-686-1          December 04, 2008
awstats vulnerability
CVE-2008-3714
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS: awstats 6.5-1ubuntu1.3
Ubuntu 7.10: awstats 6.6+dfsg-1ubuntu0.1
Ubuntu 8.04 LTS: awstats 6.7.dfsg-1ubuntu0.1
Ubuntu 8.10: awstats 6.7.dfsg-5ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Morgan Todd discovered that AWStats did not correctly strip quotes from
certain parameters, allowing for an XSS attack when running as a CGI.
If a user was tricked by a remote attacker into following a specially
crafted URL, the user's authentication information could be exposed for
the domain where AWStats was hosted.
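To confirm that a host carries the fix, compare its installed awstats version against the table above. The following is an added example, not part of the advisory: the names FIXED, compare and is_patched are hypothetical, and the comparison is a small reimplementation of Debian version ordering rather than dpkg itself.

```python
import re

# Fixed awstats versions per Ubuntu release, copied from USN-686-1.
FIXED = {
    "6.06": "6.5-1ubuntu1.3",
    "7.10": "6.6+dfsg-1ubuntu0.1",
    "8.04": "6.7.dfsg-1ubuntu0.1",
    "8.10": "6.7.dfsg-5ubuntu0.1",
}

def _order(ch):
    # dpkg ordering: '~' sorts before end-of-string (0), letters before punctuation.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare alternating (non-digit run, digit run) pairs, as dpkg does.
    ta, tb = (re.findall(r"(\D*)(\d*)", s) for s in (a, b))
    n = max(len(ta), len(tb))
    ta += [("", "")] * (n - len(ta))
    tb += [("", "")] * (n - len(tb))
    for (sa, da), (sb, db) in zip(ta, tb):
        m = max(len(sa), len(sb))
        ka = [_order(c) for c in sa] + [0] * (m - len(sa))
        kb = [_order(c) for c in sb] + [0] * (m - len(sb))
        if ka != kb:
            return -1 if ka < kb else 1
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), rev if sep else ""

def compare(a, b):
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    """True if the installed awstats version is at or above the USN-686-1 fix."""
    return compare(installed, FIXED[release]) >= 0
```

The installed version string can be read on the host with `dpkg-query -W -f='${Version}' awstats` and passed to `is_patched` together with the release number.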




