Vulnerabilities > CVE-2005-2847 - Unspecified vulnerability in Barracuda Networks Barracuda Spam Firewall 3.1.16/3.1.17
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | 2 |
Exploit-Db
description Barracuda Spam Firewall < 3.1.18 Command Execution Exploit (meta). CVE-2005-2847,CVE-2005-2848. Webapps exploit for cgi platform id EDB-ID:1236 last seen 2016-01-31 modified 2005-09-27 published 2005-09-27 reporter Nicolas Gregoire source https://www.exploit-db.com/download/1236/ title Barracuda Spam Firewall < 3.1.18 Command Execution Exploit meta description Barracuda IMG.PL Remote Command Execution. CVE-2005-2847. Webapps exploit for cgi platform id EDB-ID:16893 last seen 2016-02-02 modified 2010-04-30 published 2010-04-30 reporter metasploit source https://www.exploit-db.com/download/16893/ title Barracuda IMG.PL Remote Command Execution
Metasploit
description | This module exploits an arbitrary command execution vulnerability in the Barracuda Spam Firewall appliance. Versions prior to 3.1.18 are vulnerable. |
id | MSF:EXPLOIT/UNIX/WEBAPP/BARRACUDA_IMG_EXEC |
last seen | 2020-01-08 |
modified | 2017-09-08 |
published | 2007-01-05 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/webapp/barracuda_img_exec.rb |
title | Barracuda IMG.PL Remote Command Execution |
Nessus
NASL family | CGI abuses |
NASL id | BARRACUDA_SPAM_FIREWALL_3118.NASL |
description | The remote host appears to be a Barracuda Spam Firewall network appliance, which protects mail servers from spam, viruses, and the like. Further, it appears that the installed appliance suffers from several vulnerabilities that allow for execution of arbitrary code and reading of arbitrary files, all subject to the permissions of the web server user id. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19556 |
published | 2005-09-01 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/19556 |
title | Barracuda Spam Firewall < 3.1.18 Multiple Vulnerabilities |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/82353/barracuda_img_exec.rb.txt |
id | PACKETSTORM:82353 |
last seen | 2016-12-05 |
published | 2009-10-30 |
reporter | Nicolas Gregoire |
source | https://packetstormsecurity.com/files/82353/Barracuda-IMG.PL-Remote-Command-Execution.html |
title | Barracuda IMG.PL Remote Command Execution |
References
- http://marc.info/?l=bugtraq&m=112560044813390&w=2
- http://marc.info/?l=bugtraq&m=112560044813390&w=2
- http://secunia.com/advisories/16683/
- http://secunia.com/advisories/16683/
- http://www.securityfocus.com/bid/14712
- http://www.securityfocus.com/bid/14712
- http://www.securitytracker.com/alerts/2005/Sep/1014837.html
- http://www.securitytracker.com/alerts/2005/Sep/1014837.html
- http://www.securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1
- http://www.securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1