This is a hot checklist item for anyone hosting Internet-facing websites. Apache servers are the most likely to be affected, but this graphical statistics package also runs on IIS, WebSTAR and other web servers. The latest version of AWStats, 6.3, was released on January 28, 2005. According to Kaspersky's weblog, malicious individuals are actively targeting sites that still run a vulnerable version.
Hackers/Crackers targeting sites with older AWStats version
http://www.viruslist.com/en/weblog
QUOTE: We are seeing vast numbers of sites being compromised at the moment.
These sites are using an older version of AWStats, which is a free tool that generates advanced graphical statistics for web, ftp or mail servers.
There is a vulnerability in AWStats 6.2 and previous versions which leads to remote command execution. This gives an attacker almost full control over the server. This vulnerability was first disclosed on 17th January 2005. It has been fixed in AWStats 6.3, so we urge everybody who is using AWStats to make sure they are using 6.3.
Although we are seeing mostly defacements, you are highly recommended to thoroughly check your servers if you have been running AWStats 6.1 since 17th January.
AWStats - Home Page
http://awstats.sourceforge.net/
AWStats is a free, powerful and featureful tool that generates advanced web, ftp or mail server statistics, graphically. This log analyzer works as a CGI or from the command line and shows you all possible information your log contains, in a few graphical web pages.
Warning, a security hole was recently found in AWStats versions from 5.0 to 6.2 when AWStats is used as a CGI:
A remote user can execute arbitrary commands on your server using permissions of your web server user (in most cases user "nobody"). If you use AWStats with another version or with option AllowToUpdateStatsFromBrowser set to 0, you are safe. If not, it is highly recommended to update to the 6.3 version that fixes this security hole.
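The two conditions above (version 5.0 through 6.2, used as a CGI, AllowToUpdateStatsFromBrowser not set to 0) are easy to turn into a quick audit. The script below is an added example written for this post; it is not code from the original page or from the AWStats project. It assumes that awstats.pl carries a line of the form $VERSION="6.2 ..."; and that the config file carries a line of the form AllowToUpdateStatsFromBrowser=1; both are assumptions about the file layout, so adjust the two regular expressions if your install differs. It deliberately treats a config with no explicit AllowToUpdateStatsFromBrowser=0 as unproven, so the only way to get a clean result on an affected version is an explicit 0 or a command-line-only deployment. The sample file contents at the bottom are constructed for the demonstration.

```python
"""Audit an AWStats install against the 5.0-6.2 CGI command-execution advisory.

Added example for this post, not part of AWStats itself.  The file layouts
matched by VERSION_RE and OPTION_RE are assumptions about awstats.pl and
awstats.*.conf; check them against your own copies.
"""
import re

# Assumption: awstats.pl defines its version as  $VERSION="6.2 (...)";
VERSION_RE = re.compile(r'\$VERSION\s*=\s*"(\d+)\.(\d+)')
# Assumption: config directive appears at line start as  AllowToUpdateStatsFromBrowser=1
# A leading '#' (commented-out line) is deliberately not matched.
OPTION_RE = re.compile(r'^\s*AllowToUpdateStatsFromBrowser\s*=\s*(\d+)', re.M)

AFFECTED_MIN = (5, 0)   # from the advisory: 5.0 ...
AFFECTED_MAX = (6, 2)   # ... through 6.2; 6.3 is fixed


def parse_version(awstats_pl_text):
    """Return (major, minor) from the $VERSION assignment, or None if not found."""
    m = VERSION_RE.search(awstats_pl_text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def version_affected(version):
    """True when the version falls inside the advisory's 5.0 .. 6.2 window."""
    return version is not None and AFFECTED_MIN <= version <= AFFECTED_MAX


def browser_update_setting(config_text):
    """Last uncommented AllowToUpdateStatsFromBrowser value wins; None if absent."""
    values = OPTION_RE.findall(config_text)
    return int(values[-1]) if values else None


def assess(awstats_pl_text, config_text, used_as_cgi=True):
    """Classify one install.  Conservative: an affected version used as CGI
    is flagged unless the config explicitly sets the option to 0."""
    version = parse_version(awstats_pl_text)
    if not version_affected(version):
        return "not-affected-version"
    if not used_as_cgi:
        return "safe-command-line-only"
    if browser_update_setting(config_text) == 0:
        return "mitigated-by-config"
    return "VULNERABLE-upgrade-to-6.3"


# Constructed sample file contents (not real AWStats files).
OLD_PL = 'my $VERSION="6.2";\n'
NEW_PL = 'my $VERSION="6.3";\n'
CFG_ENABLED = "LogFile=/var/log/httpd/access_log\nAllowToUpdateStatsFromBrowser=1\n"
CFG_DISABLED = "LogFile=/var/log/httpd/access_log\nAllowToUpdateStatsFromBrowser=0\n"
CFG_COMMENTED_ONLY = "# AllowToUpdateStatsFromBrowser=1\nLogFile=/var/log/httpd/access_log\n"


def main():
    # On a real host, read awstats.pl and each awstats.*.conf instead of the samples.
    for label, pl, cfg in (("6.2, updates on", OLD_PL, CFG_ENABLED),
                           ("6.2, updates off", OLD_PL, CFG_DISABLED),
                           ("6.2, option only commented out", OLD_PL, CFG_COMMENTED_ONLY),
                           ("6.3, updates on", NEW_PL, CFG_ENABLED)):
        print(f"{label:32s} -> {assess(pl, cfg)}")


if __name__ == "__main__":
    main()
```

Run it against the real awstats.pl and every awstats.*.conf on the host; a result other than "not-affected-version" or "mitigated-by-config" means upgrade to 6.3, and the commented-out case shows why the script refuses to infer a safe default from a missing directive.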