Barracuda Spam Firewall img.pl Traversal Arbitrary Command Execution

2005-08-01T01:25:58
ID OSVDB:19279
Type osvdb
Reporter OSVDB
Modified 2005-08-01T01:25:58

Description

Solution Description

Upgrade to version 3.1.18 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[target]:8000/cgi-bin/img.pl?f=../home/emailswitch/code/config/current.conf

References:

Security Tracker: 1014837
Secunia Advisory ID: 16683
Related OSVDB ID: 19281
Related OSVDB ID: 19280
Other Advisory URL: http://www.securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0009.html
Keyword: SecuriWeb Advisory 2005.1
ISS X-Force ID: 22120
Generic Exploit URL: http://metasploit.com/projects/Framework/exploits.html#barracuda_img_exec
CVE-2005-2847
CVE-2005-2848
Bugtraq ID: 14710