Vulnerability Information
Vulnerability Title
Remote Code injection in Barracuda Email Security Gateway
Vulnerability Description
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar files (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of the BNSF-36456 patch. This patch was automatically applied to all customer appliances.
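The description above turns on archive member names reaching a shell. As an added example (not Barracuda's code and not the BNSF-36456 patch), the Python sketch below lists tar members whose names fall outside a conservative allow-list, reading headers only and extracting nothing. The allow-list, the function names and the sample names are assumptions constructed for illustration.

```python
import io
import re
import tarfile

# Assumed allow-list for this example: letters, digits and . _ - / only.
# Anything else (quotes, backticks, $, ;, |, spaces, ...) is reported.
SAFE_NAME = re.compile(r"[A-Za-z0-9._/-]+")


def suspicious_members(tar_bytes):
    """Return member names that fail the allow-list, in archive order."""
    flagged = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as archive:
        for member in archive:  # iterates headers; nothing is written to disk
            name = member.name
            # A leading '-' is also reported: it can be read as an option
            # if the name is later placed on a command line.
            if not SAFE_NAME.fullmatch(name) or name.startswith("-"):
                flagged.append(name)
    return flagged


def build_sample_tar(names):
    """Build an in-memory tar with the given member names (constructed input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as archive:
        for name in names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            archive.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed member names: two ordinary ones and four that should be reported.
CONSTRUCTED_NAMES = [
    "report.txt",
    "docs/readme-v2.md",
    "`echo flagged`.txt",
    "a;b.txt",
    "$(x).log",
    "-rf",
]

if __name__ == "__main__":
    for bad in suspicious_members(build_sample_tar(CONSTRUCTED_NAMES)):
        print("rejecting archive, unexpected member name:", repr(bad))
```

Name checks of this kind are a second layer; code that must hand a file name to an external program is safer passing it as a separate argument (list-form process execution) than interpolating it into a shell string.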
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Vulnerability Type
Improper Input Validation
Vulnerability Title
Barracuda Email Security Gateway Command Injection Vulnerability
Vulnerability Description
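Barracuda Email Security Gateway is an email security gateway from Barracuda that manages and filters all inbound and outbound email traffic to protect organizations from email threats and data leaks. Barracuda Email Security Gateway versions 5.1.3.001 through 9.2.0.006 contain a security vulnerability that stems from a problem with user-supplied tar files; an attacker can exploit this vulnerability to execute system commands remotely.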
CVSS Information
N/A
Vulnerability Type
N/A