[VIM] AWStats question [CVE 2005-0362 & 2005-0436]
jericho at attrition.org
Sun May 1 13:49:42 EDT 2005

CAN-2005-0362 / OSVDB 1000034
awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary
commands via shell metacharacters in the (1) "pluginmode", (2)
"loadplugin", or (3) "noloadplugin" parameters.

CAN-2005-0436 / OSVDB 13832
BUGTRAQ:20050214 AWStats <= 6.4 Multiple vulnerabilities
Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4
allows remote attackers to execute portions of Perl code via the

2005-0362 is effectively Feb 11, 2005 and 2005-0436 is Feb 14, 2005. Given
the proximity of the two, and one parameter seems to be the same
(PluginMode / pluginmode), these seem like they should be merged possibly.

First question is how CVE differentiates between "commands via shell
metacharacters" and "direct code injection".

Second question is, are 'PluginMode' and 'pluginmode' the same params, or
is the script case sensitive and these are two different variables?