|
|
>> Barracuda Spam Firewall Directory Traversal and Command Execution Vulnerabilities
|
Title : Barracuda Spam Firewall Directory Traversal and Command Execution Vulnerabilities
VUPEN ID : VUPEN/ADV-2006-3104
CVE ID : CVE-2006-4000 - CVE-2006-4001
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-08-02
|
Two vulnerabilities have been identified in Barracuda Spam Firewall, which could be exploited by remote attackers to execute arbitrary commands, bypass security restrictions, gain knowledge of sensitive information.
The first issue is due to a design error where the web interface is accessible via a default account ("guest") and a hard-coded password ("bnadmin99"), which could be exploited by attackers to gain unauthorized access to a vulnerable application and disclose sensitive information (e.g. system configuration and logs).
The second flaw is due to an input validation error in the "cgi-bin/preview_email.cgi" script that does not properly validate the "file" parameter, which could be exploited by remote authenticated users (including "guest") to access and read the contents of arbitrary files or execute shell commands via the pipe character.
Affected Products
Barracuda Spam Firewall versions 3.x
Solution
Contact the vendor to obtain a fix :
http://www.barracudanetworks.com/ns/support/
References
http://www.vupen.com/english/advisories/2006/3104
http://www.frsirt.com/english/reference/17312
http://www.frsirt.com/english/reference/17315
Credits
Vulnerabilities reported by Greg Sinclair
ChangeLog
2006-08-02 : Initial release
2006-08-08 : Updated Advisory
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
