VAR-200509-0169
Vulnerability from variot - Updated: 2023-12-18 12:40img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter. This issue arises when user-specified commands are supplied to the Web interface of the device. An attacker can supply arbitrary commands and have them executed in the context of the server. This issue may facilitate unauthorized remote access. Barracuda Spam Firewall firmware 3.1.17 and prior versions are affected by this issue. The img.pl script tries to disconnect the file when the user finishes reading it. In /cgi-bin/img.pl script: my $file_img=\"/tmp/\".CGI::param(\'\'f\'\'); open (IMG, $file_img) or die \ "Could not open image because: $!\n\"; ... unlink ($file_img); The perl open function can also be used to execute commands. If the string ends with \"|\", the script executes the command
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200509-0169",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "spam firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "barracuda",
"version": "3.1.17"
},
{
"model": "spam firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "barracuda",
"version": "3.1.16"
},
{
"model": "networks barracuda spam firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "barracuda",
"version": "3.1.17"
},
{
"model": "networks barracuda spam firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "barracuda",
"version": "3.1.18"
}
],
"sources": [
{
"db": "BID",
"id": "14712"
},
{
"db": "NVD",
"id": "CVE-2005-2847"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-075"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.1.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.1.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2847"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Francois Harvey fharvey@securiweb.net",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200509-075"
}
],
"trust": 0.6
},
"cve": "CVE-2005-2847",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-14056",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-2847",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200509-075",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-14056",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14056"
},
{
"db": "NVD",
"id": "CVE-2005-2847"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-075"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter. \nThis issue arises when user-specified commands are supplied to the Web interface of the device. \nAn attacker can supply arbitrary commands and have them executed in the context of the server. This issue may facilitate unauthorized remote access. \nBarracuda Spam Firewall firmware 3.1.17 and prior versions are affected by this issue. The img.pl script tries to disconnect the file when the user finishes reading it. In /cgi-bin/img.pl script: my $file_img=\\\"/tmp/\\\".CGI::param(\\\u0027\\\u0027f\\\u0027\\\u0027); open (IMG, $file_img) or die \\ \"Could not open image because: $!\\n\\\"; ... unlink ($file_img); The perl open function can also be used to execute commands. If the string ends with \\\"|\\\", the script executes the command",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2847"
},
{
"db": "BID",
"id": "14712"
},
{
"db": "VULHUB",
"id": "VHN-14056"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-14056",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14056"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "14712",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1014837",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2005-2847",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "16683",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200509-075",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20050901 [SECURIWEB.2005.1] - BARRACUDA SPAM FIREWALL ADVISORY",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-71388",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-63243",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82353",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "1236",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "16893",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-14056",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14056"
},
{
"db": "BID",
"id": "14712"
},
{
"db": "NVD",
"id": "CVE-2005-2847"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-075"
}
]
},
"id": "VAR-200509-0169",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-14056"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:40:21.216000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2847"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/14712"
},
{
"trust": 1.7,
"url": "http://www.securiweb.net/wiki/ressources/avisdesecurite/2005.1"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/alerts/2005/sep/1014837.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/16683/"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=112560044813390\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=112560044813390\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.barracudanetworks.com/ns/products/spam_overview.php"
},
{
"trust": 0.3,
"url": "/archive/1/409665"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=112560044813390\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14056"
},
{
"db": "BID",
"id": "14712"
},
{
"db": "NVD",
"id": "CVE-2005-2847"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-075"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-14056"
},
{
"db": "BID",
"id": "14712"
},
{
"db": "NVD",
"id": "CVE-2005-2847"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-075"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-14056"
},
{
"date": "2005-09-01T00:00:00",
"db": "BID",
"id": "14712"
},
{
"date": "2005-09-08T10:03:00",
"db": "NVD",
"id": "CVE-2005-2847"
},
{
"date": "2005-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200509-075"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-14056"
},
{
"date": "2005-09-01T00:00:00",
"db": "BID",
"id": "14712"
},
{
"date": "2016-10-18T03:30:47.743000",
"db": "NVD",
"id": "CVE-2005-2847"
},
{
"date": "2006-08-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200509-075"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200509-075"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Barracuda Spam Firewall IMG.PL Remote Command Execution Vulnerability",
"sources": [
{
"db": "BID",
"id": "14712"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-075"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200509-075"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…