Wednesday, December 06, 2006

Barracuda Spam Firewall Open to Attack for 20 Months?

Via heise Security.

The Barracuda Spam Firewall has been open to attacks for 20 months, according to an analysis by security specialist Jean-Sébastien Guay-Leroux. It is even possible for an attacker to open a shell on the firewall via the internet.

The firewall promises protection from spam, viruses, spoofing, phishing, spyware and DoS attacks. To do so it uses libraries, including the Convert-UUlib Perl library that provides an interface to uulib libraries, in order to be able to access different types of coded data. A buffer overflow in Convert-UUlib was discovered in April 2005 which could be exploited to infiltrate and execute malicious code via crafted BinHex files. Barracuda Networks apparently failed to notice this problem, with the result that the bug in their product was not fixed.

More here.

1 Comment:

At Thu Dec 07, 08:26:00 PM PST, Anonymous said...

Yeah, but thanks to this issue I now have a shell where I can log on my Barracuda box and patch whatever I feel like :)

 
