Info

Disclosure

Aug 04, 2006

Discovery

Aug 03, 2006

Dates

Exploit

Unknown

Solution

Unknown

Description

By default, Spam Firewall contains hard-coded admin and guest accounts. The guest account may allow an attacker to access the contents of arbitrary files, leading to a loss of confidentiality. With the admin account, an attacker could make arbitrary changes to the system, leading to a loss of integrity.

Classification

Location: Local Access Required, Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Security Software

Solution

Upgrade to firmware version 3.3.0.54 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Barracuda Networks	Spam Firewall	3.3.01.001
		3.3.03.053

References

CERT VU: 199348
CVE ID: 2006-4082 (see also: NVD)
Secunia Advisory ID: 21258
Vendor Specific Solution URL: http://www.kb.cert.org/vuls/id/RGII-6SPJP4

Credit

Greg Sinclair -

Direct URL: http://osvdb.org/29780

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Barracuda Networks

Spam Firewall

References

Credit