MVSA-08-003


CVE:
CVE-2008-1094
Vendor:
Barracuda Networks
Products:
Barracuda Spam Firewall

Vulnerabilities:
SQL Injection

Risk:
High
Attack Vector:
From Remote
Authentication:
Required
References:
Original Advisory: http://dcsl.ul.ie/advisories/02.html
Barracuda Tech Alerts: http://www.barracudanetworks.com/ns/support/tech_alert.php

 
Description
 
Barracuda Networks Spam Firewall Release 3.5.11.020 (2008-02-26) and earlier are vulnerable to various SQL Injection attacks. When exploited by an authenticated user,  the identified vulnerability can lead to Database Information Disclosure, Denial of Service, etc.
 
The index.cgi resource was identified as being susceptible to SQL Injection attacks.  When filtering user accounts in Users->Account View section, the pattern_x parameter (where x = 0..n) allows inserting arbitrary SQL code once filter_x parameter is set to ‘search_count_equals‘ value.

/cgi-bin/index.cgi?&user=&password=&et=&auth_type=Local&locale=en_US&realm=&primary_tab=USERS&secondary_tab=
per_user_account_view&boolean_0=boolean_and&filter_0=search_count_equals&
pattern_0=if(database() like concat(char(99),char(37)),5,0)


An attacker can exploit this vulnerability by injecting arbitrary SQL code to be executed as part of the SQL query.


Affected Versions


Barracuda Spam Firewall Release 3.5.11.020 (2008-02-26) and earlier

 

Mitigation

 

Vendor recommends upgrading to Barracuda Spam Firewall (Firmware v3.5.12.007).
Alternatively, please contact Barracuda Networks for technical support. 

Disclosure Timeline

16 June 2008: Vulnerabilities discovered and documented

16 June 2008: Vendor notified
15 December 2008: Original advisory published

 
MVSA-08-003
Dr. Marian Ventuneac

Comments