Last Modified: June 1, 2023
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product, affecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar files (tape archives). It stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can format these file names in a particular manner that results in a system command being executed remotely through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of the BNSF-36456 patch. This patch was automatically applied to all customer appliances.
Tweets last week: 0 (remaining steady)
Yahoo results: 196000 (remaining steady)
Current EPSS Score: 0.0244 (remaining steady)
Reddit Posts: 28 (remaining steady)
Github Repos: 4 (remaining steady)
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Base Score: 9.8
Exploitability Score: 3.9
Impact Score: 5.9
CVSS V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-77
```
alert file ( msg:"SERVER-WEBAPP Barracuda Email Security Gateway malicious .tar upload attempt"; flowbits:isset,file.tar; file_data; content:"ustar"; content:"L",within 1,distance -106; byte_extract:10,-32,hdr_size,relative,string,oct; content:"|60|",within hdr_size,distance 377; metadata:policy max-detect-ips drop,policy security-ips drop; reference:cve,2023-2868; reference:url,www.barracuda.com/company/legal/esg-vulnerability; classtype:web-application-attack; gid:1; sid:300596; rev:2; )

alert file ( msg:"SERVER-WEBAPP Barracuda Email Security Gateway malicious .tar upload attempt"; flowbits:isset,file.tar; file_data; content:"ustar"; content:"|60|",within 100,distance -262; metadata:policy max-detect-ips drop,policy security-ips drop; reference:cve,2023-2868; reference:url,www.barracuda.com/company/legal/esg-vulnerability; classtype:web-application-attack; gid:1; sid:300597; rev:2; )

alert file ( msg:"SERVER-WEBAPP Barracuda Email Security Gateway malicious .tar upload attempt"; flowbits:isset,file.tar; file_data; content:"ustar"; content:"L",within 1,distance -106; byte_extract:10,-32,hdr_size,relative,string,oct; content:"$(",within hdr_size,distance 377; metadata:policy max-detect-ips drop,policy security-ips drop; reference:cve,2023-2868; reference:url,www.barracuda.com/company/legal/esg-vulnerability; classtype:web-application-attack; gid:1; sid:300605; rev:1; )

alert file ( msg:"SERVER-WEBAPP Barracuda Email Security Gateway malicious .tar upload attempt"; flowbits:isset,file.tar; file_data; content:"ustar"; content:"$(",within 100,distance -262; metadata:policy max-detect-ips drop,policy security-ips drop; reference:cve,2023-2868; reference:url,www.barracuda.com/company/legal/esg-vulnerability; classtype:web-application-attack; gid:1; sid:300606; rev:1; )
```
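An added example, not part of the original advisory or any vendor code: a header-only pre-filter that flags tar member names containing the backtick (`|60|`) or `$(` sequences the Snort rules above match on, including names stored in GNU long-name records. The function names, placeholder file names and sample archive are constructed for illustration.

```python
import io
import tarfile

# Sequences the four Snort rules on this page look for in tar member names:
# "|60|" is the backtick, "$(" opens a shell command substitution.
MARKERS = ("`", "$(")


def suspicious_members(data: bytes) -> list[str]:
    """Return member names that contain a command-substitution marker.

    Only headers are read; nothing is extracted or executed.
    """
    hits = []
    try:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as archive:
            for member in archive:
                # tarfile resolves GNU long-name ('L') records, so member.name
                # is the full name even when it exceeds the 100-byte field.
                if any(marker in member.name for marker in MARKERS):
                    hits.append(member.name)
    except tarfile.TarError:
        # Unparseable archive: flag it rather than passing it downstream.
        hits.append("<unparseable archive>")
    return hits


def build_sample() -> bytes:
    """Constructed test archive: one benign name, one short name with a
    backtick pair, one long name (>100 bytes) with "$(". Placeholders only."""
    names = [
        "report.txt",
        "`PLACEHOLDER`.txt",
        "d" * 120 + "/$(PLACEHOLDER).txt",
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as archive:
        for name in names:
            info = tarfile.TarInfo(name=name)
            info.size = 0
            archive.addfile(info)
    return buf.getvalue()


if __name__ == "__main__":
    for name in suspicious_members(build_sample()):
        print("suspicious member name:", name)
```

Because the check runs on parsed member names rather than fixed byte offsets, it covers both the 100-byte name field and long-name records in one pass.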
Condition | Operating system (firmware) | Hardware
---|---|---
AND | cpe:2.3:o:barracuda:email_security_gateway_300_firmware:*:*:*:*:*:*:*:* | cpe:2.3:h:barracuda:email_security_gateway_300:-:*:*:*:*:*:*:*
AND | cpe:2.3:o:barracuda:email_security_gateway_400_firmware:*:*:*:*:*:*:*:* | cpe:2.3:h:barracuda:email_security_gateway_400:-:*:*:*:*:*:*:*
AND | cpe:2.3:o:barracuda:email_security_gateway_600_firmware:*:*:*:*:*:*:*:* | cpe:2.3:h:barracuda:email_security_gateway_600:-:*:*:*:*:*:*:*
AND | cpe:2.3:o:barracuda:email_security_gateway_800_firmware:*:*:*:*:*:*:*:* | cpe:2.3:h:barracuda:email_security_gateway_800:-:*:*:*:*:*:*:*
AND | cpe:2.3:o:barracuda:email_security_gateway_900_firmware:*:*:*:*:*:*:*:* | cpe:2.3:h:barracuda:email_security_gateway_900:-:*:*:*:*:*:*:*