AWStats Referrer Arbitrary Command Execution Vulnerability

Bugtraq ID:	14525
Class:	Input Validation Error
CVE:	CVE-2005-1527
Remote:	Yes
Local:	No
Published:	Aug 09 2005 12:00AM
Updated:	Dec 20 2006 09:17PM
Credit:	Peter Vreugdenhil <security@petervreugdenhil.nl> is credited with the discovery of this vulnerability.
Vulnerable:	Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Professional 9.0 x86_64 S.u.S.E. Linux Professional 9.0 S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 AWStats AWStats 6.3 AWStats AWStats 6.2 AWStats AWStats 6.1 AWStats AWStats 6.0 AWStats AWStats 5.9 AWStats AWStats 5.8 AWStats AWStats 5.7 AWStats AWStats 5.6 AWStats AWStats 5.5 AWStats AWStats 5.4 AWStats AWStats 5.3 AWStats AWStats 5.2 AWStats AWStats 5.1 AWStats AWStats 5.0

Not Vulnerable:	AWStats AWStats 6.5 build 1.857