cvelistv5 - cve-2006-4000

CVE-2006-4000 (GCVE-0-2006-4000)

Vulnerability from cvelistv5 – Published: 2006-08-05 01:00 – Updated: 2024-08-07 18:48

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2006/3104	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/21258	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/19276	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/441861/100…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:48:39.437Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2006-3104",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3104"
          },
          {
            "name": "21258",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21258"
          },
          {
            "name": "19276",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19276"
          },
          {
            "name": "barracuda-previewemail-info-disclosure(28214)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28214"
          },
          {
            "name": "20060801 Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02]",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/441861/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2006-3104",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3104"
        },
        {
          "name": "21258",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21258"
        },
        {
          "name": "19276",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19276"
        },
        {
          "name": "barracuda-previewemail-info-disclosure(28214)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28214"
        },
        {
          "name": "20060801 Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02]",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/441861/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4000",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2006-3104",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3104"
            },
            {
              "name": "21258",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21258"
            },
            {
              "name": "19276",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19276"
            },
            {
              "name": "barracuda-previewemail-info-disclosure(28214)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28214"
            },
            {
              "name": "20060801 Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02]",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/441861/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4000",
    "datePublished": "2006-08-05T01:00:00",
    "dateReserved": "2006-08-04T00:00:00",
    "dateUpdated": "2024-08-07T18:48:39.437Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.01.001:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4499AB68-D449-4A36-A243-F13F02C0EF95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.03.053:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9E13260-BC29-45D9-98F3-0C2D7CF72A42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.03.055:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3DB02038-4858-4D43-9FB6-492E131227CA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de salto de directorio en cgi-bin/preview_email.cgi en Barracuda Spam Firewall (BSF) 3.3.01.001 hasta la 3.3.03.053 permite a usuarios remotos validados leer archivos de su elecci\\u00f3n a trav\\u00e9s de la secuencia ..(punto punto) en el par\\u00e1metro file.\"}]",
      "id": "CVE-2006-4000",
      "lastModified": "2024-11-21T00:14:54.507",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-08-05T01:04:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/21258\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/441861/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/19276\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3104\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/28214\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/21258\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/441861/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/19276\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3104\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/28214\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-4000\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-08-05T01:04:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de salto de directorio en cgi-bin/preview_email.cgi en Barracuda Spam Firewall (BSF) 3.3.01.001 hasta la 3.3.03.053 permite a usuarios remotos validados leer archivos de su elecci\u00f3n a trav\u00e9s de la secuencia ..(punto punto) en el par\u00e1metro file.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.01.001:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4499AB68-D449-4A36-A243-F13F02C0EF95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.03.053:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9E13260-BC29-45D9-98F3-0C2D7CF72A42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.03.055:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DB02038-4858-4D43-9FB6-492E131227CA\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/21258\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/441861/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/19276\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3104\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28214\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/21258\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/441861/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/19276\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3104\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28214\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-GMVP-38JX-W8G9

Vulnerability from github – Published: 2022-05-01 07:14 – Updated: 2022-05-01 07:14

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-4000"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-08-05T01:04:00Z",
    "severity": "MODERATE"
  },
  "details": "Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.",
  "id": "GHSA-gmvp-38jx-w8g9",
  "modified": "2022-05-01T07:14:34Z",
  "published": "2022-05-01T07:14:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4000"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28214"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21258"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/441861/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/19276"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3104"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200608-0208

Vulnerability from variot - Updated: 2023-12-18 12:13

Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. Barracuda Spam Firewalls from version 3.3.01.001 to 3.3.02.053 have default login credentials that can not be modified by an administrator. Spam Firewall is prone to multiple vulnerabilities, including a directory-traversal issue, access-validation issue, and a remote command-execution issue. A remote attacker can exploit these issues to gain access to potentially sensitive information and execute commands in the context of the affected application. Versions 3.3.01.001 to 3.3.03.055 are vulnerable to these issues. Barracuda Spam Firewall is an integrated hardware and software spam solution for protecting mail servers. Although the guest account has only limited access, the following information can be obtained: * System configuration, including IP address, administrator IP ACL; * Email message log (but not the content of the message); * Spam/antivirus definition version information and system firmware version. There is also a file disclosure vulnerability in Barracuda's preview_email.cgi script. This script was used to retrieve messages from Barracuda's local message database, but did not properly filter the file parameter passed through GET to limit file retrieval to the message database directory, resulting in access to any Web Server user accessible files from the web interface. In addition, it is possible to execute arbitrary commands using the pipe symbol (|). Although this script requires a valid user login, this restriction can be easily bypassed by combining the guest password vulnerability described above.

Hardcore Disassembler / Reverse Engineer Wanted!

Want to work with IDA and BinDiff? Want to write PoC's and Exploits?

Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package.

http://secunia.com/hardcore_disassembler_and_reverse_engineer/

TITLE: Barracuda Spam Firewall Information Disclosure and Default Account

SECUNIA ADVISORY ID: SA21258

VERIFY ADVISORY: http://secunia.com/advisories/21258/

CRITICAL: Less critical

IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information

WHERE:

From local network

OPERATING SYSTEM: Barracuda Spam Firewall http://secunia.com/product/4639/

DESCRIPTION: Greg Sinclair has reported a vulnerability and a security issue in Barracuda Spam Firewall, which can be exploited by malicious people to bypass certain security restrictions and disclose various information.

1) Input passed to the "file" parameter in preview_email.cgi is not properly verified, before it is used to view files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks (e.g. message logs).

Example: https://[host]/cgi-bin/preview_email.cgi?file=/mail/mlog/../[file]

Successful exploitation requires that the user has been authenticated.

2) A default guest account with a hard-coded password exists in Login.pm. This can be exploited to disclose various configuration and version information.

A combination of the two issues can be exploited by a malicious person to disclose the contents of arbitrary files.

The vulnerability and the security issue have been reported in firmware versions 3.3.01.001 through 3.3.03.053.

SOLUTION: Update to firmware version 3.3.0.54.

PROVIDED AND/OR DISCOVERED BY: Greg Sinclair

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200608-0208",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "spam firewall",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "barracuda",
        "version": "3.3.03.053"
      },
      {
        "model": "spam firewall",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "barracuda",
        "version": "3.3.03.055"
      },
      {
        "model": "spam firewall",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "barracuda",
        "version": "3.3.01.001"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "barracuda",
        "version": null
      },
      {
        "model": "spam firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "barracuda",
        "version": "3.3.01.001 to  3.3.03.053"
      },
      {
        "model": "networks barracuda spam firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "barracuda",
        "version": "3.3.03.055"
      },
      {
        "model": "networks barracuda spam firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "barracuda",
        "version": "3.3.03.053"
      },
      {
        "model": "networks barracuda spam firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "barracuda",
        "version": "3.3.01.001"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#199348"
      },
      {
        "db": "BID",
        "id": "19276"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001041"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4000"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-066"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.01.001:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.03.053:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.03.055:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4000"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Greg Sinclair gssincla@nnlsoftware.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-066"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-4000",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2006-4000",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-20108",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-4000",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#199348",
            "trust": 0.8,
            "value": "2.57"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200608-066",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-20108",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#199348"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20108"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001041"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4000"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-066"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. Barracuda Spam Firewalls from version 3.3.01.001 to 3.3.02.053 have default login credentials that can not be modified by an administrator. Spam Firewall is prone to multiple vulnerabilities, including a directory-traversal issue, access-validation issue, and a remote command-execution issue. \nA remote attacker can exploit these issues to gain access to potentially sensitive information and execute commands in the context of the affected application. \nVersions 3.3.01.001 to 3.3.03.055 are vulnerable to these issues. Barracuda Spam Firewall is an integrated hardware and software spam solution for protecting mail servers. Although the guest account has only limited access, the following information can be obtained: * System configuration, including IP address, administrator IP ACL; * Email message log (but not the content of the message); * Spam/antivirus definition version information and system firmware version. There is also a file disclosure vulnerability in Barracuda\u0027s preview_email.cgi script. This script was used to retrieve messages from Barracuda\u0027s local message database, but did not properly filter the file parameter passed through GET to limit file retrieval to the message database directory, resulting in access to any Web Server user accessible files from the web interface. In addition, it is possible to execute arbitrary commands using the pipe symbol (|). Although this script requires a valid user login, this restriction can be easily bypassed by combining the guest password vulnerability described above. \n\n----------------------------------------------------------------------\n\nHardcore Disassembler / Reverse Engineer Wanted!\n\nWant to work with IDA and BinDiff?\nWant to write PoC\u0027s and Exploits?\n\nYour nationality is not important. \nWe will get you a work permit, find an apartment, and offer a\nrelocation compensation package. \n\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nBarracuda Spam Firewall Information Disclosure and Default Account\n\nSECUNIA ADVISORY ID:\nSA21258\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21258/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass, Exposure of system information, Exposure of\nsensitive information\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nBarracuda Spam Firewall\nhttp://secunia.com/product/4639/\n\nDESCRIPTION:\nGreg Sinclair has reported a vulnerability and a security issue in\nBarracuda Spam Firewall, which can be exploited by malicious people\nto bypass certain security restrictions and disclose various\ninformation. \n\n1) Input passed to the \"file\" parameter in preview_email.cgi is not\nproperly verified, before it is used to view files. This can be\nexploited to disclose the contents of arbitrary files via directory\ntraversal attacks (e.g. message logs). \n\nExample:\nhttps://[host]/cgi-bin/preview_email.cgi?file=/mail/mlog/../[file]\n\nSuccessful exploitation requires that the user has been\nauthenticated. \n\n2) A default guest account with a hard-coded password exists in\nLogin.pm. This can be exploited to disclose various configuration and\nversion information. \n\nA combination of the two issues can be exploited by a malicious\nperson to disclose the contents of arbitrary files. \n\nThe vulnerability and the security issue have been reported in\nfirmware versions 3.3.01.001 through 3.3.03.053. \n\nSOLUTION:\nUpdate to firmware version 3.3.0.54. \n\nPROVIDED AND/OR DISCOVERED BY:\nGreg Sinclair\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4000"
      },
      {
        "db": "CERT/CC",
        "id": "VU#199348"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001041"
      },
      {
        "db": "BID",
        "id": "19276"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20108"
      },
      {
        "db": "PACKETSTORM",
        "id": "48752"
      }
    ],
    "trust": 2.79
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-20108",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20108"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-4000",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "21258",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "19276",
        "trust": 2.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3104",
        "trust": 1.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#199348",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001041",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-066",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "28214",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20060801 BARRACUDA VULNERABILITY: ARBITRARY FILE DISCLOSURE [NNL-20060801-02]",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "28321",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-20108",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "48752",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#199348"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20108"
      },
      {
        "db": "BID",
        "id": "19276"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001041"
      },
      {
        "db": "PACKETSTORM",
        "id": "48752"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4000"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-066"
      }
    ]
  },
  "id": "VAR-200608-0208",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20108"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:13:07.726000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.barracudanetworks.com/ns/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001041"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4000"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/19276"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/21258"
      },
      {
        "trust": 1.1,
        "url": "http://www.barracudanetworks.com/ns/products/spam_overview.php"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/441861/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/3104"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28214"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/21258/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4000"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4000"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/441861/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/28214"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/3104"
      },
      {
        "trust": 0.3,
        "url": "https://lists.grok.org.uk/mailman/listinfo/full-disclosure"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/442249"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/442132"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4639/"
      },
      {
        "trust": 0.1,
        "url": "https://[host]/cgi-bin/preview_email.cgi?file=/mail/mlog/../[file]"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#199348"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20108"
      },
      {
        "db": "BID",
        "id": "19276"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001041"
      },
      {
        "db": "PACKETSTORM",
        "id": "48752"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4000"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-066"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#199348"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20108"
      },
      {
        "db": "BID",
        "id": "19276"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001041"
      },
      {
        "db": "PACKETSTORM",
        "id": "48752"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4000"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-066"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-08-24T00:00:00",
        "db": "CERT/CC",
        "id": "VU#199348"
      },
      {
        "date": "2006-08-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-20108"
      },
      {
        "date": "2006-08-01T00:00:00",
        "db": "BID",
        "id": "19276"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-001041"
      },
      {
        "date": "2006-08-03T03:35:36",
        "db": "PACKETSTORM",
        "id": "48752"
      },
      {
        "date": "2006-08-05T01:04:00",
        "db": "NVD",
        "id": "CVE-2006-4000"
      },
      {
        "date": "2006-08-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200608-066"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-08-29T00:00:00",
        "db": "CERT/CC",
        "id": "VU#199348"
      },
      {
        "date": "2018-10-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-20108"
      },
      {
        "date": "2016-07-06T12:19:00",
        "db": "BID",
        "id": "19276"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-001041"
      },
      {
        "date": "2018-10-17T21:32:46.067000",
        "db": "NVD",
        "id": "CVE-2006-4000"
      },
      {
        "date": "2006-08-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200608-066"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-066"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Barracuda Spam Firewall contains hardcoded default login credentials",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#199348"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-066"
      }
    ],
    "trust": 0.6
  }
}

GSD-2006-4000

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-4000

Aliases

CVE-2006-4000

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-4000",
    "description": "Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.",
    "id": "GSD-2006-4000"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-4000"
      ],
      "details": "Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.",
      "id": "GSD-2006-4000",
      "modified": "2023-12-13T01:19:51.888167Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-4000",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2006-3104",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3104"
          },
          {
            "name": "21258",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21258"
          },
          {
            "name": "19276",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/19276"
          },
          {
            "name": "barracuda-previewemail-info-disclosure(28214)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28214"
          },
          {
            "name": "20060801 Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02]",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/441861/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.01.001:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.03.053:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.03.055:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4000"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "19276",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/19276"
            },
            {
              "name": "21258",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21258"
            },
            {
              "name": "ADV-2006-3104",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/3104"
            },
            {
              "name": "barracuda-previewemail-info-disclosure(28214)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28214"
            },
            {
              "name": "20060801 Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02]",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/441861/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-17T21:32Z",
      "publishedDate": "2006-08-05T01:04Z"
    }
  }
}

FKIE_CVE-2006-4000

Vulnerability from fkie_nvd - Published: 2006-08-05 01:04 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/21258
cve@mitre.org	http://www.securityfocus.com/archive/1/441861/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/19276	Exploit
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3104
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/28214
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21258
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/441861/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19276	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3104
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/28214

Impacted products

Vendor	Product	Version
barracuda_networks	barracuda_spam_firewall	3.3.01.001
barracuda_networks	barracuda_spam_firewall	3.3.03.053
barracuda_networks	barracuda_spam_firewall	3.3.03.055

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.01.001:*:*:*:*:*:*:*",
              "matchCriteriaId": "4499AB68-D449-4A36-A243-F13F02C0EF95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.03.053:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9E13260-BC29-45D9-98F3-0C2D7CF72A42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.03.055:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DB02038-4858-4D43-9FB6-492E131227CA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en cgi-bin/preview_email.cgi en Barracuda Spam Firewall (BSF) 3.3.01.001 hasta la 3.3.03.053 permite a usuarios remotos validados leer archivos de su elecci\u00f3n a trav\u00e9s de la secuencia ..(punto punto) en el par\u00e1metro file."
    }
  ],
  "id": "CVE-2006-4000",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-08-05T01:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21258"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/441861/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/19276"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3104"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21258"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/441861/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/19276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28214"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-4000 (GCVE-0-2006-4000)

GHSA-GMVP-38JX-W8G9

VAR-200608-0208

GSD-2006-4000

FKIE_CVE-2006-4000

Tags

Sightings

Nomenclature