Remote Command Execution Vulnerability in Barracuda Spam Firewall
CVE-2006-4081

Currently unrated

Key Information:

Vendor: Barracuda Networks
Status: Barracuda Spam Firewall
Vendor: CVE Published:; 11 August 2006

🔔 Create Barracuda Networks Vulnerability Alert

What is CVE-2006-4081?

The Barracuda Spam Firewall's preview_email.cgi component versions 3.3.01.001 to 3.3.03.053 is susceptible to remote command execution. This occurs when unfiltered shell metacharacters, particularly the pipe symbol ('|'), are provided in the file parameter. Attackers can exploit this vulnerability to execute arbitrary commands, potentially leading to broader system compromise, especially when combined with the weaknesses outlined in CVE-2006-4000.

References

http://secunia.com/advisories/21258

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/19276

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/28234

vdb-entryx_refsource_XF

EPSS Score

10% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 11, 2006
Vulnerability Reserved
Aug 10, 2006

JSON