Release date:
Updated on: 2012-09-05
Affected Systems:
Barracuda Networks SSL VPNs 680
Description:
--------------------------------------------------------------------------------
Bugtraq id: 54593
Cve id: CVE-2012-4739
Barracuda ssl vpn is a solution that integrates hardware and software to ensure secure remote access to internal network resources from any browser without a client.
Multiple XSS vulnerabilities exist in earlier versions of Barracuda ssl vpn 2.2.2.203. the policyLaunching, resourcePrefix, and actionPath parameters in do are passed to fileSystem. the list and path parameters in do are passed to launchAgent. do's return-To parameter allows remote attackers To inject Web scripts or HTML code.
<* Source: Benjamin Kunz Mejri
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
Www.example.com/resourceList.do? Form = resourceCategoriesForm & amp; readOnly = test & amp; path =
% 2FshowUserResourceCategories. do & amp; messageResourcesKey = resourceCategory & amp; actionPath = [NON-PERSISTENT script code!]
Www.example.com/?file=.do? [VALUE #1] = l52ca6d & amp; [VALUE #2] = [VALUE #3] & amp; [path listing] = smb/Sales % 20 Folder/Opt/[NON-PERSISTENT script code!]
Www.example.com/fileSystem.do? LaunchId = l52ca6d & amp; actionTarget = list & amp; path = smb/Sales % 20 Folder/Testing % 20 from % 20Tri % 20Opt/% 22% 3E % 3 Ciframe % 20src = a % 20 onload = alert % 28% 22VL % 22% 29% 20% 3C
Www.example.com/launchAgent.do? LaunchId = l3ce418 & amp; returnTo = [NON-PERSISTENT script code!]
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Barracuda Networks
------------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.barracudanetworks.com/ns/products/spam_overview.php