Description
Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
Affected products
- Barracuda Networks / barracuda_spam_firewall3.1.16 – 3.1.16
- Barracuda Networks / barracuda_spam_firewall3.1.17 – 3.1.17
References
- MISChttp://securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1
- MISChttp://www.securitytracker.com/alerts/2005/Sep/1014837.html
- VENDOR_ADVISORYhttp://secunia.com/advisories/16683/
- MAILING_LISThttp://marc.info/?l=bugtraq&m=112560044813390&w=2
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/22120
- MISChttp://www.securityfocus.com/bid/14710