var-200608-0396
Vulnerability from variot
Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges. Barracuda Spam Firewalls from version 3.3.01.001 to 3.3.02.053 have default login credentials that can not be modified by an administrator. Barracuda Spam Firewall is an integrated hardware and software spam solution for protecting mail servers. Using a hardware-encoded password for the administrator account when logging in locally could allow an attacker to gain access.
Hardcore Disassembler / Reverse Engineer Wanted!
Want to work with IDA and BinDiff? Want to write PoC's and Exploits?
Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package.
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
TITLE: Barracuda Spam Firewall Information Disclosure and Default Account
SECUNIA ADVISORY ID: SA21258
VERIFY ADVISORY: http://secunia.com/advisories/21258/
CRITICAL: Less critical
IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information
WHERE:
From local network
OPERATING SYSTEM: Barracuda Spam Firewall http://secunia.com/product/4639/
DESCRIPTION: Greg Sinclair has reported a vulnerability and a security issue in Barracuda Spam Firewall, which can be exploited by malicious people to bypass certain security restrictions and disclose various information.
1) Input passed to the "file" parameter in preview_email.cgi is not properly verified, before it is used to view files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks (e.g. message logs).
Example: https://[host]/cgi-bin/preview_email.cgi?file=/mail/mlog/../[file]
Successful exploitation requires that the user has been authenticated.
2) A default guest account with a hard-coded password exists in Login.pm. This can be exploited to disclose various configuration and version information.
A combination of the two issues can be exploited by a malicious person to disclose the contents of arbitrary files.
The vulnerability and the security issue have been reported in firmware versions 3.3.01.001 through 3.3.03.053. Prior versions may also be affected.
SOLUTION: Update to firmware version 3.3.0.54.
PROVIDED AND/OR DISCOVERED BY: Greg Sinclair
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200608-0396",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "spam firewall",
"scope": "eq",
"trust": 2.4,
"vendor": "barracuda",
"version": "3.3.03.053"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "barracuda",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#199348"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001068"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-192"
},
{
"db": "NVD",
"id": "CVE-2006-4082"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:barracuda_networks:barracuda_spam_firewall",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001068"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Greg Sinclair gssincla@nnlsoftware.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200608-192"
}
],
"trust": 0.6
},
"cve": "CVE-2006-4082",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2006-4082",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-20190",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-4082",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#199348",
"trust": 0.8,
"value": "2.57"
},
{
"author": "NVD",
"id": "CVE-2006-4082",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200608-192",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-20190",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#199348"
},
{
"db": "VULHUB",
"id": "VHN-20190"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001068"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-192"
},
{
"db": "NVD",
"id": "CVE-2006-4082"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges. Barracuda Spam Firewalls from version 3.3.01.001 to 3.3.02.053 have default login credentials that can not be modified by an administrator. Barracuda Spam Firewall is an integrated hardware and software spam solution for protecting mail servers. Using a hardware-encoded password for the administrator account when logging in locally could allow an attacker to gain access. \n\n----------------------------------------------------------------------\n\nHardcore Disassembler / Reverse Engineer Wanted!\n\nWant to work with IDA and BinDiff?\nWant to write PoC\u0027s and Exploits?\n\nYour nationality is not important. \nWe will get you a work permit, find an apartment, and offer a\nrelocation compensation package. \n\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nBarracuda Spam Firewall Information Disclosure and Default Account\n\nSECUNIA ADVISORY ID:\nSA21258\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21258/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass, Exposure of system information, Exposure of\nsensitive information\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nBarracuda Spam Firewall\nhttp://secunia.com/product/4639/\n\nDESCRIPTION:\nGreg Sinclair has reported a vulnerability and a security issue in\nBarracuda Spam Firewall, which can be exploited by malicious people\nto bypass certain security restrictions and disclose various\ninformation. \n\n1) Input passed to the \"file\" parameter in preview_email.cgi is not\nproperly verified, before it is used to view files. This can be\nexploited to disclose the contents of arbitrary files via directory\ntraversal attacks (e.g. message logs). \n\nExample:\nhttps://[host]/cgi-bin/preview_email.cgi?file=/mail/mlog/../[file]\n\nSuccessful exploitation requires that the user has been\nauthenticated. \n\n2) A default guest account with a hard-coded password exists in\nLogin.pm. This can be exploited to disclose various configuration and\nversion information. \n\nA combination of the two issues can be exploited by a malicious\nperson to disclose the contents of arbitrary files. \n\nThe vulnerability and the security issue have been reported in\nfirmware versions 3.3.01.001 through 3.3.03.053. Prior versions may\nalso be affected. \n\nSOLUTION:\nUpdate to firmware version 3.3.0.54. \n\nPROVIDED AND/OR DISCOVERED BY:\nGreg Sinclair\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4082"
},
{
"db": "CERT/CC",
"id": "VU#199348"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001068"
},
{
"db": "VULHUB",
"id": "VHN-20190"
},
{
"db": "PACKETSTORM",
"id": "48752"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#199348",
"trust": 3.3
},
{
"db": "SECUNIA",
"id": "21258",
"trust": 2.6
},
{
"db": "NVD",
"id": "CVE-2006-4082",
"trust": 2.5
},
{
"db": "BID",
"id": "19276",
"trust": 1.7
},
{
"db": "SREASON",
"id": "1363",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "29780",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001068",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200608-192",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20060804 BARRACUDA SPAM FIREWALL: ADMINISTRATOR LEVEL REMOTE COMMAND EXECUTION [ID-20060804-01]",
"trust": 0.6
},
{
"db": "XF",
"id": "28235",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20060804 BARRACUDA SPAM FIREWALL: ADMINISTRATOR LEVEL REMOTE COMMAND EXECUTION [ID-20060804-01]",
"trust": 0.6
},
{
"db": "BID",
"id": "83175",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-20190",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "48752",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#199348"
},
{
"db": "VULHUB",
"id": "VHN-20190"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001068"
},
{
"db": "PACKETSTORM",
"id": "48752"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-192"
},
{
"db": "NVD",
"id": "CVE-2006-4082"
}
]
},
"id": "VAR-200608-0396",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-20190"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:19:59.159000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.barracudanetworks.com/ns/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001068"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4082"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/199348"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19276"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0110.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/29780"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21258"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/1363"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/442249/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28235"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/21258/"
},
{
"trust": 0.8,
"url": "http://www.barracudanetworks.com/ns/products/spam_overview.php"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4082"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4082"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/442249/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/28235"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4639/"
},
{
"trust": 0.1,
"url": "https://[host]/cgi-bin/preview_email.cgi?file=/mail/mlog/../[file]"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#199348"
},
{
"db": "VULHUB",
"id": "VHN-20190"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001068"
},
{
"db": "PACKETSTORM",
"id": "48752"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-192"
},
{
"db": "NVD",
"id": "CVE-2006-4082"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#199348"
},
{
"db": "VULHUB",
"id": "VHN-20190"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001068"
},
{
"db": "PACKETSTORM",
"id": "48752"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-192"
},
{
"db": "NVD",
"id": "CVE-2006-4082"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-08-24T00:00:00",
"db": "CERT/CC",
"id": "VU#199348"
},
{
"date": "2006-08-11T00:00:00",
"db": "VULHUB",
"id": "VHN-20190"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001068"
},
{
"date": "2006-08-03T03:35:36",
"db": "PACKETSTORM",
"id": "48752"
},
{
"date": "2006-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200608-192"
},
{
"date": "2006-08-11T10:04:00",
"db": "NVD",
"id": "CVE-2006-4082"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-08-29T00:00:00",
"db": "CERT/CC",
"id": "VU#199348"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-20190"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001068"
},
{
"date": "2006-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200608-192"
},
{
"date": "2024-11-21T00:15:07.500000",
"db": "NVD",
"id": "CVE-2006-4082"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200608-192"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Barracuda Spam Firewall contains hardcoded default login credentials",
"sources": [
{
"db": "CERT/CC",
"id": "VU#199348"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200608-192"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…