Description
Barracuda Networks Spam Firewall Release 3.5.11.020 (2008-02-26) and earlier are vulnerable to various SQL Injection attacks. When exploited by an authenticated user,
the identified vulnerability can lead to Database Information Disclosure, Denial of Service, etc.
The index.cgi resource was identified as being susceptible to SQL Injection attacks.
When filtering user accounts in Users->Account View section, the pattern_x parameter (where x = 0..n) allows inserting arbitrary SQL code once filter_x parameter is set to ‘search_count_equals‘ value. /cgi-bin/index.cgi?&user=&password=&et=&auth_type=Local&locale=en_US&realm=&primary_tab=USERS&secondary_tab=per_user_account_view&boolean_0=boolean_and&filter_0=search_count_equals& pattern_0=if(database() like concat(char(99),char(37)),5,0) An attacker can exploit this vulnerability by injecting arbitrary SQL code to be executed as part of the SQL query. Affected Versions Barracuda Spam Firewall Release 3.5.11.020 (2008-02-26) and earlier
Mitigation
Vendor recommends upgrading to Barracuda Spam Firewall (Firmware v3.5.12.007).
Alternatively, please contact Barracuda Networks for technical support.
Disclosure Timeline 16 June 2008: Vulnerabilities discovered and documented 16 June 2008: Vendor notified 15 December 2008: Original advisory published MVSA-08-003
Dr. Marian Ventuneac
|