ID
VAR-200509-0170
CVE
CVE-2005-2848
TITLE
Barracuda Spam Firewall IMG.PL Remote Directory Traversal Vulnerability
Trust: 0.9
DESCRIPTION
Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. This issue affects the Web interface of the appliance. Exploitation of this vulnerability could lead to a loss of confidentiality as arbitrary files are disclosed to an attacker. Information obtained through this attack may aid in further attacks against the underlying system. Barracuda Spam Firewall firmware 3.1.17 and prior versions are affected by this issue. The img.pl script tries to disconnect the file when the user finishes reading it. In /cgi-bin/img.pl script: my $file_img=\"/tmp/\".CGI::param(\'\';f\'\'); open (IMG, $file_img) or die \"Could not open image because: $!\n\"; ... unlink ($file_img); The perl open function can also be used to execute commands. If the string ends with \"|\", the script executes the command, piping the output to the IMG file descriptor. File retrieval: f=../etc/passwd An attacker could exploit this vulnerability to obtain sensitive information such as administrator passwords
Trust: 1.26
AFFECTED PRODUCTS
| vendor: | barracuda | model: | spam firewall | scope: | eq | version: | 3.1.17 | Trust: 1.9 |
| vendor: | barracuda | model: | spam firewall | scope: | eq | version: | 3.1.16 | Trust: 1.6 |
| vendor: | barracuda | model: | spam firewall | scope: | ne | version: | 3.1.18 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
path traversal
Trust: 0.6
CONFIGURATIONS
EXPLOIT AVAILABILITY
EXTERNAL IDS
| db: | BID | id: | 14710 | Trust: 2.0 |
| db: | SECTRACK | id: | 1014837 | Trust: 1.7 |
| db: | NVD | id: | CVE-2005-2848 | Trust: 1.7 |
| db: | SECUNIA | id: | 16683 | Trust: 1.7 |
| db: | CNNVD | id: | CNNVD-200509-088 | Trust: 0.7 |
| db: | BUGTRAQ | id: | 20050901 [SECURIWEB.2005.1] - BARRACUDA SPAM FIREWALL ADVISORY | Trust: 0.6 |
| db: | XF | id: | 22120 | Trust: 0.6 |
| db: | EXPLOIT-DB | id: | 1236 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-14057 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/14710 | Trust: 1.7 |
| url: | http://securiweb.net/wiki/ressources/avisdesecurite/2005.1 | Trust: 1.7 |
| url: | http://www.securitytracker.com/alerts/2005/sep/1014837.html | Trust: 1.7 |
| url: | http://secunia.com/advisories/16683/ | Trust: 1.7 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/22120 | Trust: 1.1 |
| url: | http://marc.info/?l=bugtraq&m=112560044813390&w=2 | Trust: 1.0 |
| url: | http://xforce.iss.net/xforce/xfdb/22120 | Trust: 0.6 |
| url: | http://marc.theaimsgroup.com/?l=bugtraq&m=112560044813390&w=2 | Trust: 0.6 |
| url: | http://www.barracudanetworks.com/ns/products/spam_overview.php | Trust: 0.3 |
| url: | /archive/1/409665 | Trust: 0.3 |
| url: | http://marc.info/?l=bugtraq&m=112560044813390&w=2 | Trust: 0.1 |
CREDITS
Francois Harvey fharvey@securiweb.net
Trust: 0.6
SOURCES
| db: | VULHUB | id: | VHN-14057 |
| db: | BID | id: | 14710 |
| db: | NVD | id: | CVE-2005-2848 |
| db: | CNNVD | id: | CNNVD-200509-088 |
LAST UPDATE DATE
2023-12-18T12:40:21.270000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-14057 | date: | 2017-07-11T00:00:00 |
| db: | BID | id: | 14710 | date: | 2005-09-01T00:00:00 |
| db: | NVD | id: | CVE-2005-2848 | date: | 2017-07-11T01:33:01.047 |
| db: | CNNVD | id: | CNNVD-200509-088 | date: | 2006-08-23T00:00:00 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-14057 | date: | 2005-09-08T00:00:00 |
| db: | BID | id: | 14710 | date: | 2005-09-01T00:00:00 |
| db: | NVD | id: | CVE-2005-2848 | date: | 2005-09-08T10:03:00 |
| db: | CNNVD | id: | CNNVD-200509-088 | date: | 2005-09-08T00:00:00 |