Re: Security Breach

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Subject: Re: Security Breach
From: Patrick Boutilier <boutilpj@xxxxxxxxxxx>
Date: Fri, 04 Mar 2005 14:17:28 -0400
In-reply-to: <[email protected]>
List-archive: <https://www.redhat.com/archives/fedora-list>
List-help: <mailto:[email protected]?subject=help>
List-id: For users of Fedora Core releases <fedora-list.redhat.com>
List-post: <mailto:[email protected]>
List-subscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=unsubscribe>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.0 (X11/20050201)

<snip>

I got that part. What I am trying to understand (please bear with me) is
how the attacker might have modified the script command line.


By just requesting http://site/cgi-bin/awstats.pl?onfigdir=....bad stuff....

References:
- Security Breach
  - From: Chris Strzelczyk
- Re: Security Breach
  - From: Alexander Dalloz
- Re: Security Breach
  - From: David Cary Hart
- Re: Security Breach
  - From: Paul Howarth
- Re: Security Breach
  - From: David Cary Hart