CVE-2006-4081
Published: 2006-08-11
Priority: P344 · Severity: high · CVSS 2.0 score: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: available
EPSS: 4.20% (89.7th percentile)
preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| barracuda_networks | barracuda_spam_firewall | — | — |
| barracuda_networks | barracuda_spam_firewall | — | — |
No detection rules found.
Exploit-DB: Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (2) (exploitdb, 2006-08-08)
---
Title: Barracuda Arbitrary File Disclosure + Command Execution
Severity: High (Sensitive Information Disclosure)
Date: 01 August 2006
Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053
Discovered by: Greg Sinclair
Credits: Matthew Hall
Update: 07 August 2006
Updated by: PATz
####################################################################
Proof of Concept:
https:///cgi-bin/preview_email.cgi?file=/mail/mlog/../tmp/backup/periodic_config.txt.tmp
https:///cgi-bin/preview_email.cgi?file=/mail/mlog/../../bin/ls%20/|
####################################################################
#using |unix| for command execution:
https:///cgi-bin/preview_email.cgi?file=/mail/mlog/|uname%20-a|
#admin lo
Exploit-DB: Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (1) (exploitdb, 2006-08-07)
---
Title: Barracuda Arbitrary File Disclosure + Command Execution
Severity: High (Sensitive Information Disclosure)
Date: 01 August 2006
Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053
Discovered by: Greg Sinclair ([email protected])
Discovered on: 29 May 2006
Overview:
Barracuda Spam Firewalls (www.barracudanetworks.com) are vulnerable to
arbitrary file disclosure due to improper parameter sanitization.
Details:
The Barracuda Spam Firewalls from version 3.3.01.001 to 3.3.02.053 are vulnerable to
arbitrary file disclosure via the preview_email.cgi script. The /cgi-bin/preview_email.cgi
script is designed to retrieve a message from the local message database on the
Barracuda Spam Firewall.
No writeups or analysis indexed.
References:
- http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0110.html
- http://secunia.com/advisories/21258
- http://securityreason.com/securityalert/1363
- http://www.securityfocus.com/archive/1/442132/100/0/threaded
- http://www.securityfocus.com/archive/1/442249/100/0/threaded
- http://www.securityfocus.com/bid/19276
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28234