Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:BARRACUDA:PREV-EXEC

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Barracuda Spam Filter Command Execution

Release Date

 2006/08/10

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Barracuda Spam Filter Command Execution


This signature detects attempts to exploit a known vulnerability against Barracuda Spam Filter. By supplying a specially crafted HTTP request, the client can cause the server to execute arbitrary commands.

Extended Description

Spam Firewall is prone to multiple vulnerabilities, including a directory-traversal issue, access-validation issue, and a remote command-execution issue. A remote attacker can exploit these issues to gain access to potentially sensitive information and execute commands in the context of the affected application. Versions 3.3.01.001 to 3.3.03.055 are vulnerable to these issues.

Affected Products

  • Barracuda Networks Barracuda Spam Firewall 3.3.01.001
  • Barracuda Networks Barracuda Spam Firewall 3.3.03.053
  • Barracuda Networks Barracuda Spam Firewall 3.3.03.055

References

  • BugTraq: 19276
  • CVE: CVE-2006-4000
  • URL: http://www.barracudanetworks.com/ns/products/spam_overview.php
  • URL: http://www.securityfocus.com/archive/1/archive/1/441861/100/0/threaded

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out