carl
04-06-2005, 01:56 AM
Hi.
Those of you that are running AWStats version 6.3 or below need to upgrade to the latest version of AWStats as soon as possible. Versions 6.3 or below contain a critical vulnerability that allows remote execution of commands, which can be used to break into your server. Some customers have been hit by this already.
You can download the latest version of AWStats here: http://awstats.sourceforge.net/
AWStats is not installed on your VPS by default. But it might have been installed by one of your users. If you are not sure whether it is installed or not, run this on your VPS:
find / -name "awstats.pl"
To remove it, simply delete or move the directory it is stored in (basically make sure it is not accessible from the web).
The full vulnerability description is here: http://lists.virus.org/full-disclosure-0501/msg00560.html
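The check from the post, extended to report the version of every copy it finds, as an added example that is not part of the original post. It assumes awstats.pl declares its version on a line of the form `$VERSION="6.3 (build ...)";`; copies without such a line are reported as UNKNOWN, and the function names are made up for this example.

```shell
#!/usr/bin/env bash
# Added example: inventory AWStats copies and flag those at or below 6.3.
# Assumption: awstats.pl carries a line like  $VERSION="6.3 (build ...)";

# Print the major.minor version declared in one awstats.pl, or nothing.
awstats_version() {
    sed -n 's/^[[:space:]]*\$VERSION[[:space:]]*=[[:space:]]*["'\'']\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# Return 0 when version $1 is 6.3 or below (the range the post says to upgrade).
is_affected() {
    ver_major=${1%%.*}
    ver_minor=${1#*.}
    [ "$ver_major" -lt 6 ] || { [ "$ver_major" -eq 6 ] && [ "$ver_minor" -le 3 ]; }
}

# Scan a directory tree; print "STATUS<TAB>version<TAB>path" for each copy.
scan_awstats() {
    find "${1:-/}" -type f -name 'awstats.pl' 2>/dev/null | sort |
    while IFS= read -r copy; do
        ver=$(awstats_version "$copy")
        if [ -z "$ver" ]; then
            # Version line missing or in another format: check by hand.
            printf 'UNKNOWN\t-\t%s\n' "$copy"
        elif is_affected "$ver"; then
            printf 'UPGRADE\t%s\t%s\n' "$ver" "$copy"
        else
            printf 'OK\t%s\t%s\n' "$ver" "$copy"
        fi
    done
}

# When run with a directory argument, scan it (use / for the whole VPS).
if [ "$#" -gt 0 ]; then
    scan_awstats "$1"
fi
```

Run it as root so that copies inside every user's home and web directories are readable.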