ID

VAR-200608-0396


CVE

CVE-2006-4082


TITLE

Barracuda Spam Firewall contains hardcoded default login credentials

Trust: 0.8

sources: CERT/CC: VU#199348

DESCRIPTION

Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges.

Barracuda Spam Firewalls from version 3.3.01.001 to 3.3.02.053 have default login credentials that cannot be modified by an administrator.

Barracuda Spam Firewall is an integrated hardware and software spam solution for protecting mail servers. Using a hardware-encoded password for the administrator account when logging in locally could allow an attacker to gain access.

----------------------------------------------------------------------

TITLE: Barracuda Spam Firewall Information Disclosure and Default Account
SECUNIA ADVISORY ID: SA21258
VERIFY ADVISORY: http://secunia.com/advisories/21258/
CRITICAL: Less critical
IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information
WHERE: From local network
OPERATING SYSTEM: Barracuda Spam Firewall http://secunia.com/product/4639/

DESCRIPTION: Greg Sinclair has reported a vulnerability and a security issue in Barracuda Spam Firewall, which can be exploited by malicious people to bypass certain security restrictions and disclose various information.

1) Input passed to the "file" parameter in preview_email.cgi is not properly verified before it is used to view files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks (e.g. message logs).
Example: https://[host]/cgi-bin/preview_email.cgi?file=/mail/mlog/../[file]
Successful exploitation requires that the user has been authenticated.

2) A default guest account with a hard-coded password exists in Login.pm. This can be exploited to disclose various configuration and version information.

A combination of the two issues can be exploited by a malicious person to disclose the contents of arbitrary files.

The vulnerability and the security issue have been reported in firmware versions 3.3.01.001 through 3.3.03.053. Prior versions may also be affected.

SOLUTION: Update to firmware version 3.3.0.54.

PROVIDED AND/OR DISCOVERED BY: Greg Sinclair

Trust: 2.52

sources: NVD: CVE-2006-4082 // CERT/CC: VU#199348 // JVNDB: JVNDB-2006-001068 // VULHUB: VHN-20190 // PACKETSTORM: 48752

AFFECTED PRODUCTS

vendor: barracuda, model: spam firewall, scope: eq, version: 3.3.03.053

Trust: 2.4

vendor: barracuda, model: -, scope: -, version: -

Trust: 0.8

sources: CERT/CC: VU#199348 // JVNDB: JVNDB-2006-001068 // CNNVD: CNNVD-200608-192 // NVD: CVE-2006-4082

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-4082
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#199348
value: 2.57

Trust: 0.8

NVD: CVE-2006-4082
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200608-192
value: HIGH

Trust: 0.6

VULHUB: VHN-20190
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-4082
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-20190
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#199348 // VULHUB: VHN-20190 // JVNDB: JVNDB-2006-001068 // CNNVD: CNNVD-200608-192 // NVD: CVE-2006-4082

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-4082

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200608-192

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200608-192

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001068

PATCH

title: Top Page, url: http://www.barracudanetworks.com/ns/

Trust: 0.8

sources: JVNDB: JVNDB-2006-001068

EXTERNAL IDS

db: CERT/CC, id: VU#199348

Trust: 3.3

db: SECUNIA, id: 21258

Trust: 2.6

db: NVD, id: CVE-2006-4082

Trust: 2.5

db: BID, id: 19276

Trust: 1.7

db: SREASON, id: 1363

Trust: 1.7

db: OSVDB, id: 29780

Trust: 1.7

db: JVNDB, id: JVNDB-2006-001068

Trust: 0.8

db: CNNVD, id: CNNVD-200608-192

Trust: 0.7

db: BUGTRAQ, id: 20060804 BARRACUDA SPAM FIREWALL: ADMINISTRATOR LEVEL REMOTE COMMAND EXECUTION [ID-20060804-01]

Trust: 0.6

db: XF, id: 28235

Trust: 0.6

db: FULLDISC, id: 20060804 BARRACUDA SPAM FIREWALL: ADMINISTRATOR LEVEL REMOTE COMMAND EXECUTION [ID-20060804-01]

Trust: 0.6

db: BID, id: 83175

Trust: 0.1

db: VULHUB, id: VHN-20190

Trust: 0.1

db: PACKETSTORM, id: 48752

Trust: 0.1

sources: CERT/CC: VU#199348 // VULHUB: VHN-20190 // JVNDB: JVNDB-2006-001068 // PACKETSTORM: 48752 // CNNVD: CNNVD-200608-192 // NVD: CVE-2006-4082

REFERENCES

url:http://www.kb.cert.org/vuls/id/199348

Trust: 2.5

url:http://www.securityfocus.com/bid/19276

Trust: 1.7

url:http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0110.html

Trust: 1.7

url:http://www.osvdb.org/29780

Trust: 1.7

url:http://secunia.com/advisories/21258

Trust: 1.7

url:http://securityreason.com/securityalert/1363

Trust: 1.7

url:http://www.securityfocus.com/archive/1/442249/100/0/threaded

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/28235

Trust: 1.1

url:http://secunia.com/advisories/21258/

Trust: 0.9

url:http://www.barracudanetworks.com/ns/products/spam_overview.php

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4082

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4082

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/442249/100/0/threaded

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/28235

Trust: 0.6

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/4639/

Trust: 0.1

url:https://[host]/cgi-bin/preview_email.cgi?file=/mail/mlog/../[file]

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: CERT/CC: VU#199348 // VULHUB: VHN-20190 // JVNDB: JVNDB-2006-001068 // PACKETSTORM: 48752 // CNNVD: CNNVD-200608-192 // NVD: CVE-2006-4082

CREDITS

Greg Sinclair gssincla@nnlsoftware.com

Trust: 0.6

sources: CNNVD: CNNVD-200608-192

SOURCES

db: CERT/CC, id: VU#199348
db: VULHUB, id: VHN-20190
db: JVNDB, id: JVNDB-2006-001068
db: PACKETSTORM, id: 48752
db: CNNVD, id: CNNVD-200608-192
db: NVD, id: CVE-2006-4082

LAST UPDATE DATE

2024-08-14T13:50:43.544000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#199348, date: 2006-08-29T00:00:00
db: VULHUB, id: VHN-20190, date: 2018-10-17T00:00:00
db: JVNDB, id: JVNDB-2006-001068, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200608-192, date: 2006-08-14T00:00:00
db: NVD, id: CVE-2006-4082, date: 2018-10-17T21:33:17.613

SOURCES RELEASE DATE

db: CERT/CC, id: VU#199348, date: 2006-08-24T00:00:00
db: VULHUB, id: VHN-20190, date: 2006-08-11T00:00:00
db: JVNDB, id: JVNDB-2006-001068, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 48752, date: 2006-08-03T03:35:36
db: CNNVD, id: CNNVD-200608-192, date: 2006-08-11T00:00:00
db: NVD, id: CVE-2006-4082, date: 2006-08-11T10:04:00