SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Barracuda Spam Firewall Vendors:   Barracuda Networks
Barracuda Spam Firewall 'img.pl' Discloses Files to Remote Users and Permits Command Execution
SecurityTracker Alert ID:  1014837
SecurityTracker URL:  http://securitytracker.com/id/1014837
CVE Reference:   CVE-2005-2847, CVE-2005-2848, CVE-2005-2849   (Links to External Site)
Updated:  Jun 8 2008
Original Entry Date:  Sep 1 2005
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): Tested on 3.1.16 and 3.1.17
Description:   A vulnerability was reported in Barracuda Spam Firewall. A remote user can view files on the target system. A remote user can also execute arbitrary commands on the target system.

The '/cgi-bin/img.pl' script does not properly validate user-supplied input in the 'f' parameter. A remote user can supply a specially crafted parameter value containing '../' directory traversal characters to view files on the target system. A demonstration exploit value is provided:

f=../etc/passwd

A remote user can also exploit this flaw to execute arbitrary commands on the target system. A demonstration exploit value is provided:

f=../bin/ls|

A demonstration exploit URL is provided:

http://[target]:8000/cgi-bin/img.pl?f=../home/emailswitch/code/config/current.conf

The '/cgi-bin/dig_device.cgi' and '/cgi-bin/tcpdump_device.cgi' scripts do not properly validate user-supplied input before invoking the dig and tcpdump utilities.

A remote user can use the '-f' flag in the dig edit box to view portions of source code files in the cgi-bin directory.

A remote user can use the '-r' flag in the tcpdump edit box view a valid pcap file or determine if a specified file exists.

A remote user can use the '-w' in the tcpdump edit box to potentially overwrite files in the cgi-bin directory.

The vendor was notified on June 14, 2005.

Francois Harvey of SecuriWeb reported this vulnerability.

The original advisory is available at:

http://securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1

Impact:   A remote user can view files on the target system.

A remote user execute arbitrary commands on the target system.

Solution:   The vendor has issued a fixed version (3.1.18).
Vendor URL:  www.barracudanetworks.com/ns/products/spam_overview.php (Links to External Site)
Cause:   Input validation error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC