Description
A vulnerability has been identified in Barracuda Spam & Virus Firewall, which could be exploited by attackers to gain unauthorized access to arbitrary files on a vulnerable system. This issue is caused by an input validation error in the "/cgi-mod/view_help.cgi" script when processing the "locale" parameter, which could be exploited to conduct directory traversal attacks and disclose the contents of arbitrary files (e.g. "config.snapshot").
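A detection sketch for the flaw described above, added here as an example and not taken from the advisory or from Barracuda: it scans web access log lines for requests to "/cgi-mod/view_help.cgi" whose "locale" value contains a traversal sequence or is not a plain locale name. The log format, the locale allow-list pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

TARGET_PATH = "/cgi-mod/view_help.cgi"  # script named in the advisory
# Assumption: legitimate locale values look like "en" or "en_US".
LOCALE_OK = re.compile(r"[A-Za-z]{2,3}(?:[_-][A-Za-z]{2})?")
# Assumption: Common/Combined Log Format request field.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation addresses, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2010:10:00:00 +0000] "GET /cgi-mod/view_help.cgi?locale=en_US HTTP/1.1" 200 512',
    '192.0.2.66 - - [01/Oct/2010:10:00:05 +0000] "GET /cgi-mod/view_help.cgi?locale=../../../placeholder/file HTTP/1.1" 200 9001',
    '192.0.2.66 - - [01/Oct/2010:10:00:09 +0000] "GET /cgi-mod/view_help.cgi?locale=..%252f..%252fplaceholder HTTP/1.1" 200 9001',
    '192.0.2.10 - - [01/Oct/2010:10:00:12 +0000] "GET /other/page?locale=../x HTTP/1.1" 200 100',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %252f -> %2f -> '/')."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(log_line):
    """Return None for irrelevant or benign lines, else a reason string."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if fully_decode(url.path) != TARGET_PATH:
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get("locale", []):
        value = fully_decode(raw).replace("\\", "/")
        if ".." in value.split("/"):
            return "traversal sequence in locale"
        if not LOCALE_OK.fullmatch(value):
            return "locale is not a plain locale name"
    return None


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        reason = classify(line)
        if reason:
            print(f"ALERT ({reason}): {line}")
```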
Vulnerable Products
Vulnerable Software:
Barracuda IM Firewall version 3.4.01.004 and prior
Barracuda Link Balancer version 2.1.1.010 and prior
Barracuda Load Balancer version 3.3.1.005 and prior
Barracuda Message Archiver version 2.2.1.005 and prior
Barracuda Spam & Virus Firewall version 4.1.2.006 and prior
Barracuda SSL VPN version 1.7.2.004 and prior
Barracuda Web Application Firewall version 7.4.0.022 and prior
Barracuda Web Filter version 4.3.0.013 and prior
Solution
Upgrade to security definition version 2.0.4 (2010-09-28).
CVE
References
http://www.barracudanetworks.com/ns/support/tech_alert.php
http://www.exploit-db.com/exploits/15130/
Vulnerability Manager Detection
No
IPS Protection