In association with heise online

06 December 2006, 23:07

Barracuda Spam Firewall open to attack for 20 months

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Barracuda Spam Firewall has been open to attacks for 20 months, according to an analysis by security specialist Jean-Sébastien Guay-Leroux. It is even possible for an attacker to open a shell on the firewall via the internet.

The firewall promises protection from spam, viruses, spoofing, phishing, spyware and DoS attacks. To do so it uses libraries, including the Convert-UUlib Perl library that provides an interface to uulib libraries, in order to be able to access different types of coded data. A buffer overflow in Convert-UUlib was discovered in April 2005 which could be exploited to infiltrate and execute malicious code via crafted BinHex files. Barracuda Networks apparently failed to notice this problem, with the result that the bug in their product was not fixed.

It was not until August 2006 that Guay-Leroux looked again at the vulnerability as part of tests of his exploit framework PIRANA and determined that the Barracuda Spam Firewall was still vulnerable. According to Guay-Leroux the vulnerability is present in firmware versions prior to with virus definition signatures earlier than 2.0.325. He informed the manufacturer at the end of November. A reaction was forthcoming within a few days and an update was released.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit