SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Your Ad Here
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Device (Embedded Server/Appliance)  >  Barracuda Spam Firewall Vendors:  Barracuda Networks
Barracuda Spam Firewall 'img.pl' Discloses Files to Remote Users and Permits Command Execution
SecurityTracker Alert ID:  1014837
SecurityTracker URL:  http://securitytracker.com/id?1014837
CVE Reference:  CVE-2005-2847 ,  CVE-2005-2848 ,  CVE-2005-2849   (Links to External Site)
Updated:  Jun 8 2008
Original Entry Date:  Sep 1 2005
Impact:  Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes   Exploit Included:  Yes   Vendor Confirmed:  Yes  
Version(s): Tested on 3.1.16 and 3.1.17
Description:  A vulnerability was reported in Barracuda Spam Firewall. A remote user can view files on the target system. A remote user can also execute arbitrary commands on the target system.

The '/cgi-bin/img.pl' script does not properly validate user-supplied input in the 'f' parameter. A remote user can supply a specially crafted parameter value containing '../' directory traversal characters to view files on the target system. A demonstration exploit value is provided:

f=../etc/passwd

A remote user can also exploit this flaw to execute arbitrary commands on the target system. A demonstration exploit value is provided:

f=../bin/ls|

A demonstration exploit URL is provided:

http://[target]:8000/cgi-bin/img.pl?f=../home/emailswitch/code/ config/current.conf

The '/cgi-bin/dig_device.cgi' and '/cgi-bin/tcpdump_device.cgi' scripts do not properly validate user-supplied input before invoking the dig and tcpdump utilities.

A remote user can use the '-f' flag in the dig edit box to view portions of source code files in the cgi-bin directory.

A remote user can use the '-r' flag in the tcpdump edit box view a valid pcap file or determine if a specified file exists.

A remote user can use the '-w' in the tcpdump edit box to potentially overwrite files in the cgi-bin directory.

The vendor was notified on June 14, 2005.

Francois Harvey of SecuriWeb reported this vulnerability.

The original advisory is available at:

http://securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1
Impact:  A remote user can view files on the target system.

A remote user execute arbitrary commands on the target system.
Solution:  The vendor has issued a fixed version (3.1.18).
Vendor URL:  www.barracudanetworks.com/ns/products/spam_overview.php (Links to External Site)
Cause:  Input validation error

Message History:   None.

 Source Message Contents
Date:  Thu, 1 Sep 2005 12:37:10 -0400
Subject:  Barracuda Spam Firewall vulnerability

 
 
http://securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2007, SecurityGlobal.net LLC