First published: Thu Sep 08 2005(Updated: )
Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Barracuda Spam Firewall | =3.1.16 | |
Barracuda Spam Firewall | =3.1.17 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2005-2849 is classified as a medium severity vulnerability due to its potential to allow unauthorized access to sensitive information.
To fix CVE-2005-2849, you should upgrade the Barracuda Spam Firewall to a version that is not affected by this vulnerability, specifically firmware version 3.1.18 or later.
CVE-2005-2849 affects Barracuda Spam Firewall versions 3.1.16 and 3.1.17.
CVE-2005-2849 can be exploited by remote attackers to read source code, determine file existence, and potentially modify files.
There are no specific workarounds for CVE-2005-2849; the best mitigation is to ensure the software is updated to a patched version.