Slashdot Mirror

← Back to Stories (view on slashdot.org)

Barracuda Appliances Have Exploitable Holes, Fixed By Firmware Updates

Posted by timothy on from the unless-you-like-them-that-way dept.

Orome1 writes "Barracuda Networks has released firmware updates that remove SSH backdoors in a number of their products and resolve a vulnerability in Barracuda SSL VPN that allows attackers to bypass access restrictions to download potentially insecure files, set new admins passwords, or even shut down the device. The backdoor accounts are present on in all available versions of Barracuda Spam and Virus Firewall, Web Filter, Message Archiver, Web Application Firewall, Link Balancer, Load Balancer, and SSL VPN appliances." Here's Barracuda's tech note about the exploitable holes.

5 of 88 comments (clear)

  1. Original source for Advisory by Anonymous Coward · · Score: 5, Informative

    SEC Consult Vulnerability Lab Security Advisory - 20130124-0

    title: Critical SSH Backdoor in multiple Barracuda Networks Products

    vulnerable products: Barracuda Spam and Virus Firewall
                                              Barracuda Web Filter
                                              Barracuda Message Archiver
                                              Barracuda Web Application Firewall
                                              Barracuda Link Balancer
                                              Barracuda Load Balancer
                                              Barracuda SSL VPN
                                              (all including their respective virtual "Vx" versions)

      vulnerable version: all versions Security Definition 2.0.5
                fixed version: Security Definition 2.0.5
                impact: Critical
                homepage: https://www.barracudanetworks.com/
                found: 2012-11-20
                by: S. Viehbck
                SEC Consult Vulnerability Lab
                https://www.sec-consult.com

  2. Security apliances growing obsolete by Anonymous Coward · · Score: 5, Insightful

    Security appliances are a joke. Overpriced slabs sold by slimy salesmen to clueless PHBs to offer "security" in a box.
    Security doesn't come in a box. It comes with process, documentation, and vigilance. Things alien to incompetent management.
    It's no surprise that these digital snake oil machines are riddled with security holes themselves.

    Anyway, these things are mostly obsolete. Why spend a fortune when your infrastructure is all VMs hosted across multiple data centers in many distinct geographic locations.

    You still host your own servers? Why?

  3. Re:small set of ips by cluedweasel · · Score: 4, Informative

    According to the article, these non-Barracuda domains fall within those blocks. mail.totalpaas.com (205.158.110.135) - Domain registered by: Domains By Proxy, LLC ... frmt1.boxitweb.com (205.158.110.132) - Domain registered by: Thor Myhrstad static.medallia.com (205.158.110.229) - Domain registed by: Medallia Inc. utility.connectify.net (205.158.110.171) - Domain registered by: Connectify Networks, Inc. everest.address.com (216.129.105.202) - Domain registed by: WhitePages, Inc. mail.tqm.bz (216.129.105.205) - Domain registered by: Total Quality Maintenance, Inc outbound.andyforbes.com (216.129.105.212) - Domain registered by: HM hosting Anyone got any idea why those would be included in having access? Apparently this hole has been present since 2003. I'm surprised it didn't come to light earlier.

  4. Re:How about a note apologizing and closing shop by mvdwege · · Score: 4, Insightful

    This is Barracuda, who were still doing accept-then-bounce when even Microsoft had changed that to no longer being the default in Exchange.

    --
    "I know I will be modded down for this": where's the option '-1, Asking for it'?
  5. Re:How about a note apologizing and closing shop by gandhi_2 · · Score: 5, Funny

    Shoot. It would be nice if Windows had an SSH front door.

    --
    THL phish sticks