Barracuda Networks products Multiple Cross-Site Scripting Vulnerabilities

2008.12.17
Credit: marian.ventuneac_at_ul.ie
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2008-0971
CWE: CWE-79


CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

CVE Numbers: CVE-2008-0971 Vulnerabilities: Multiple Cross-Site Scripting (Persistent & Reflected) Risk: Medium Attack vector: From Remote Vulnerabilities Discovered: 16th June 2008 Vendor Notified: 16th June 2008 Advisory Released: 15th December 2008 Abstract Barracuda Networks Message Archiver product is vulnerable to persistent and reflected Cross-Site Scripting (XSS) attacks. Barracuda Spam Firewall, IM Firewall and Web Filter products are vulnerable to multiple reflected XSS attacks. When exploited by an authenticated user, the identified vulnerabilities can lead to Information Disclosure, Session Hijack, access to Intranet available servers, etc. Description The index.cgi resource was identified as being susceptible to multiple persistent and reflected Cross Site Scripting (XSS) attacks. a. Persistent XSS in Barracuda Message Archiver In Search Based Retention Policy, the Policy Name field allows persistent XSS when set to something like policy_name" onblur="alert('xss') b. Reflected XSS in Barracuda Message Archiver Setting various parameters in IP Configuration, Administration, Journal Accounts, Retention Policy, and GroupWise Sync allow reflected XSS attacks. c. Reflected XSS in Barracuda Spam Firewall, IM Firewall and Web Filter &#183; User provided input is not sanitised when displayed as part of error messages - identified in all verified products. &#183; User provided input is not sanitised when used to perform various searches - identified in Barracuda Web Filter. &#183; Manipulation of HTML INPUT hidden elements - identified in all verified products. e.g auth_type INPUT hidden element allows a reflected XSS attack when set to something like Local"><script>alert('xss')</script> Original Advisory: http://dcsl.ul.ie/advisories/03.htm Barracuda Networks Technical Alert http://www.barracudanetworks.com/ns/support/tech_alert.php Affected Versions Barracuda Message Archiver (Firmware v1.1.0.010, Model 350) Barracuda Spam Firewall (Firmware v3.5.11.020, Model 600) Barracuda Web Filter (Firmware v3.3.0.038, Model 910) Barracuda IM Firewall (Firmware v3.0.01.008, Model 420) Other models/firmware versions might be affected. Mitigation Vendor recommends upgrading to the following firmware version: Barracuda Message Archiver Release 1.2.1.002 (2008-07-22) Barracuda Spam Firewall Release 3.5.12.007 (2008-10-24) Barracuda Web Filter Release 3.3.0.052 (2008-08-04) Barracuda IM Firewall Release 3.1.01.017 (2008-07-02) Barracuda Load Balancer Release 2.3.024 (2008-10-20) Alternatively, please contact Barracuda Networks for technical support. Credits Dr. Marian Ventuneac, marian.ventuneac_at_ul&#46;ie Data Communication Security Laboratory, Department of Electronic & Computer Engineering, University of Limerick Disclaimer Data Communication Security Laboratory releases this information with the vendor acceptance. DCSL is not responsible for any malicious application of the information presented in this advisory.

References:

http://www.securityfocus.com/archive/1/archive/1/499294/100/0/threaded
http://www.osvdb.org/50709
http://www.barracudanetworks.com/ns/support/tech_alert.php
http://securitytracker.com/id?1021454
http://secunia.com/advisories/33164
http://dcsl.ul.ie/advisories/03.htm


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top