Details of VAR-200509-0171

ID

VAR-200509-0171

CVE

CVE-2005-2849

TITLE

Edge Fish Spam Firewall Parameter Injection Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200509-089

DESCRIPTION

Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump. Barracuda Spam Firewall is prone to a remote security vulnerability. Barracuda Spam Firewall is the main product of Bovite, which provides users with a safe, efficient and comprehensive overall solution for spam and virus email protection

Trust: 1.26

sources: NVD: CVE-2005-2849 // BID: 89343 // VULHUB: VHN-14058

AFFECTED PRODUCTS

vendor:	barracuda	model:	spam firewall	scope:	eq	version:	3.1.17	Trust: 1.6
vendor:	barracuda	model:	spam firewall	scope:	eq	version:	3.1.16	Trust: 1.6
vendor:	barracuda	model:	networks barracuda spam firewall	scope:	eq	version:	3.1.17	Trust: 0.3
vendor:	barracuda	model:	networks barracuda spam firewall	scope:	eq	version:	3.1.16	Trust: 0.3

sources: BID: 89343 // NVD: CVE-2005-2849 // CNNVD: CNNVD-200509-089

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2005-2849
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200509-089
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-14058
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
VULHUB:	VHN-14058
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-14058 // NVD: CVE-2005-2849 // CNNVD: CNNVD-200509-089

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-2849

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200509-089

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200509-089

CONFIGURATIONS

sources: NVD: CVE-2005-2849

EXTERNAL IDS

db:	SECTRACK	id:	1014837	Trust: 2.0
db:	NVD	id:	CVE-2005-2849	Trust: 2.0
db:	SECUNIA	id:	16683	Trust: 1.7
db:	CNNVD	id:	CNNVD-200509-089	Trust: 0.7
db:	BUGTRAQ	id:	20050901 [SECURIWEB.2005.1] - BARRACUDA SPAM FIREWALL ADVISORY	Trust: 0.6
db:	BID	id:	89343	Trust: 0.4
db:	VULHUB	id:	VHN-14058	Trust: 0.1

sources: VULHUB: VHN-14058 // BID: 89343 // NVD: CVE-2005-2849 // CNNVD: CNNVD-200509-089

REFERENCES

url:	http://securiweb.net/wiki/ressources/avisdesecurite/2005.1	Trust: 2.0
url:	http://www.securitytracker.com/alerts/2005/sep/1014837.html	Trust: 2.0
url:	http://secunia.com/advisories/16683/	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=112560044813390&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=112560044813390&w=2	Trust: 0.9
url:	http://marc.info/?l=bugtraq&m=112560044813390&w=2	Trust: 0.1

sources: VULHUB: VHN-14058 // BID: 89343 // NVD: CVE-2005-2849 // CNNVD: CNNVD-200509-089

CREDITS

Unknown

Trust: 0.3

sources: BID: 89343

SOURCES

db:	VULHUB	id:	VHN-14058
db:	BID	id:	89343
db:	NVD	id:	CVE-2005-2849
db:	CNNVD	id:	CNNVD-200509-089

LAST UPDATE DATE

2023-12-18T12:40:21.241000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-14058	date:	2016-10-18T00:00:00
db:	BID	id:	89343	date:	2005-09-08T00:00:00
db:	NVD	id:	CVE-2005-2849	date:	2016-10-18T03:30:50.133
db:	CNNVD	id:	CNNVD-200509-089	date:	2006-08-23T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-14058	date:	2005-09-08T00:00:00
db:	BID	id:	89343	date:	2005-09-08T00:00:00
db:	NVD	id:	CVE-2005-2849	date:	2005-09-08T10:03:00
db:	CNNVD	id:	CNNVD-200509-089	date:	2005-09-08T00:00:00