----------------------------------------------------------------------

2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published

How do you know which Secunia advisories are important to you?

The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.

Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv

----------------------------------------------------------------------

TITLE:
BarracudaDrive Web Server Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA28032

VERIFY ADVISORY:
http://secunia.com/advisories/28032/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, Manipulation of data, Exposure of system
information, Exposure of sensitive information, DoS

WHERE:
>From remote

SOFTWARE:
BarracudaDrive Web Server 3.x
http://secunia.com/product/16873/

DESCRIPTION:
Luigi Auriemma has reported some vulnerabilities in BarracudaDrive
Web Server, which can be exploited by malicious users to manipulate
certain data and cause a DoS (Denial of Service), and by malicious
people to conduct script insertion attacks and disclose sensitive
information.

1) An input validation error can be exploited to access arbitrary
files on the system via directory traversal sequences in HTTP
requests.

2) It is possible to disclose the source code of scripts on the
server (e.g. LUA scripts with the extension .lsp) by appending a "+",
a "." or any other character greater than "0x7f" to the filename in
the request.

3) An input validation error can be exploited to delete arbitrary
files and empty directories via directory traversal attacks.

4) A null-pointer dereference error in the Group Chat feature can be
exploited to crash the application by sending a request with an empty
Connection ID.

Successful exploitation of vulnerabilities #3 and #4 requires a valid
user account.

5) Input passed via HTTP requests is not properly sanitised before
being used in the Trace page of the admin interface. This can be
exploited to insert arbitrary HTML and script code, which is then
executed in an administrative user's browser session in context of an
affected site when the malicious requests are viewed in the log
files.

The vulnerabilities are reported in version 3.7.2. Other versions may
also be affected.

SOLUTION:
Update to version 3.8.

PROVIDED AND/OR DISCOVERED BY:
Luigi Auriemma

ORIGINAL ADVISORY:
http://aluigi.altervista.org/adv/barradrive-adv.txt

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------