var-200509-0169
Vulnerability from variot
img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter. This issue arises when user-specified commands are supplied to the Web interface of the device. An attacker can supply arbitrary commands and have them executed in the context of the server. This issue may facilitate unauthorized remote access. Barracuda Spam Firewall firmware 3.1.17 and prior versions are affected by this issue. The img.pl script tries to disconnect the file when the user finishes reading it. In /cgi-bin/img.pl script: my $file_img=\"/tmp/\".CGI::param(\'\'f\'\'); open (IMG, $file_img) or die \ "Could not open image because: $!\n\"; ... unlink ($file_img); The perl open function can also be used to execute commands. If the string ends with \"|\", the script executes the command
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200509-0169", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "spam firewall", "scope": "eq", "trust": 1.6, "vendor": "barracuda", "version": "3.1.16" }, { "model": "spam firewall", "scope": "eq", "trust": 1.6, "vendor": "barracuda", "version": "3.1.17" }, { "model": "networks barracuda spam firewall", "scope": "eq", "trust": 0.3, "vendor": "barracuda", "version": "3.1.17" }, { "model": "networks barracuda spam firewall", "scope": "ne", "trust": 0.3, "vendor": "barracuda", "version": "3.1.18" } ], "sources": [ { "db": "BID", "id": "14712" }, { "db": "CNNVD", "id": "CNNVD-200509-075" }, { "db": "NVD", "id": "CVE-2005-2847" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Francois Harvey fharvey@securiweb.net", "sources": [ { "db": "CNNVD", "id": "CNNVD-200509-075" } ], "trust": 0.6 }, "cve": "CVE-2005-2847", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2005-2847", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-14056", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2005-2847", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200509-075", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-14056", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-14056" }, { "db": "CNNVD", "id": "CNNVD-200509-075" }, { "db": "NVD", "id": "CVE-2005-2847" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter. \nThis issue arises when user-specified commands are supplied to the Web interface of the device. \nAn attacker can supply arbitrary commands and have them executed in the context of the server. This issue may facilitate unauthorized remote access. \nBarracuda Spam Firewall firmware 3.1.17 and prior versions are affected by this issue. The img.pl script tries to disconnect the file when the user finishes reading it. In /cgi-bin/img.pl script: my $file_img=\\\"/tmp/\\\".CGI::param(\\\u0027\\\u0027f\\\u0027\\\u0027); open (IMG, $file_img) or die \\ \"Could not open image because: $!\\n\\\"; ... unlink ($file_img); The perl open function can also be used to execute commands. If the string ends with \\\"|\\\", the script executes the command", "sources": [ { "db": "NVD", "id": "CVE-2005-2847" }, { "db": "BID", "id": "14712" }, { "db": "VULHUB", "id": "VHN-14056" } ], "trust": 1.26 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-14056", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-14056" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "14712", "trust": 2.0 }, { "db": "SECTRACK", "id": "1014837", "trust": 1.7 }, { "db": "NVD", "id": "CVE-2005-2847", "trust": 1.7 }, { "db": "SECUNIA", "id": "16683", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-200509-075", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20050901 [SECURIWEB.2005.1] - BARRACUDA SPAM FIREWALL ADVISORY", "trust": 0.6 }, { "db": "SEEBUG", "id": "SSVID-71388", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-63243", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "82353", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "1236", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "16893", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-14056", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-14056" }, { "db": "BID", "id": "14712" }, { "db": "CNNVD", "id": "CNNVD-200509-075" }, { "db": "NVD", "id": "CVE-2005-2847" } ] }, "id": "VAR-200509-0169", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-14056" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:24:34.423000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2005-2847" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.securityfocus.com/bid/14712" }, { "trust": 1.7, "url": "http://www.securiweb.net/wiki/ressources/avisdesecurite/2005.1" }, { "trust": 1.7, "url": "http://www.securitytracker.com/alerts/2005/sep/1014837.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/16683/" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=112560044813390\u0026w=2" }, { "trust": 0.6, "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=112560044813390\u0026w=2" }, { "trust": 0.3, "url": "http://www.barracudanetworks.com/ns/products/spam_overview.php" }, { "trust": 0.3, "url": "/archive/1/409665" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=112560044813390\u0026amp;w=2" } ], "sources": [ { "db": "VULHUB", "id": "VHN-14056" }, { "db": "BID", "id": "14712" }, { "db": "CNNVD", "id": "CNNVD-200509-075" }, { "db": "NVD", "id": "CVE-2005-2847" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-14056" }, { "db": "BID", "id": "14712" }, { "db": "CNNVD", "id": "CNNVD-200509-075" }, { "db": "NVD", "id": "CVE-2005-2847" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-09-08T00:00:00", "db": "VULHUB", "id": "VHN-14056" }, { "date": "2005-09-01T00:00:00", "db": "BID", "id": "14712" }, { "date": "2005-09-08T00:00:00", "db": "CNNVD", "id": "CNNVD-200509-075" }, { "date": "2005-09-08T10:03:00", "db": "NVD", "id": "CVE-2005-2847" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-10-18T00:00:00", "db": "VULHUB", "id": "VHN-14056" }, { "date": "2005-09-01T00:00:00", "db": "BID", "id": "14712" }, { "date": "2006-08-23T00:00:00", "db": "CNNVD", "id": "CNNVD-200509-075" }, { "date": "2024-11-21T00:00:33.200000", "db": "NVD", "id": "CVE-2005-2847" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200509-075" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Barracuda Spam Firewall IMG.PL Remote Command Execution Vulnerability", "sources": [ { "db": "BID", "id": "14712" }, { "db": "CNNVD", "id": "CNNVD-200509-075" } ], "trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-200509-075" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.