Lucene search

MitreCVE-2005-2849

HistorySep 08, 2005 - 10:03 a.m.

CVE-2005-2849

2005-09-0810:03:00

mitre

web.nvd.nist.gov

cve

2005

2849

barracuda

spam

firewall

argument injection

vulnerability

firmware

tcpdump

dig

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.6

Confidence

Low

EPSS

0.003

Percentile

70.6%

JSON

Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump.

Affected configurations

Nvd

Node

barracuda_networksbarracuda_spam_firewallMatch3.1.16

barracuda_networksbarracuda_spam_firewallMatch3.1.17

VendorProductVersionCPE
barracuda_networksbarracuda_spam_firewall3.1.16cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.1.16:*:*:*:*:*:*:*
barracuda_networksbarracuda_spam_firewall3.1.17cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.1.17:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
barracuda_networks	barracuda_spam_firewall	3.1.16	cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.1.16:::::::*
barracuda_networks	barracuda_spam_firewall	3.1.17	cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.1.17:::::::*

References

marc.info/?l=bugtraq&m=112560044813390&w=2

secunia.com/advisories/16683/

securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1

www.securitytracker.com/alerts/2005/Sep/1014837.html

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.6

Confidence

Low

EPSS

0.003

Percentile

70.6%

JSON

Related for CVE-2005-2849