Release DateDec 24, 2011 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems |
DescriptionThis indicates an attack attempt against a Remote Code Execution vulnerability in Barracuda Spam Firewall.This is due to filters for user inputs failing to properly sanitize the f parameter value that is passed to "img.pl". An attacker may include shell commands by supplying an injection string through the URL. |
Affected ProductsBarracuda Networks Barracuda Spam Firewall 3.1.17 firmware. |
Recommended ActionsUpgrade to Barracuda Spam Firewall 3.1.18. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2005-2847CVE-2005-2848 |
Reference/shttp://www.securityfocus.com/bid/14712 (BugTraq)http://www.securityfocus.com/bid/14710 (BugTraq) |
