Intrusion Prevention

Barracuda.imgpl.Command.Execution

Description

The script img.pl in the Barracuda Spam Firewall is vulnerable to a remote arbitrary command execution attack. An attacker can supply arbitrary commands to the web interface of the device and they will be executed within the context of the server.

Affected Products

Barracuda Networks Barracuda Spam Firewall 3.1.17 firmware.

Impact

The execution of arbitrary code on the system.

Recommended Actions

Apply appropriate patch from the vendor or upgrade to non-vulnerable version if available.

CVE References

CVE-2005-2848 CVE-2005-2847