Barracuda Spam Firewall open to attack for 20 months
The Barracuda Spam Firewall has been open to attacks for 20 months, according to an analysis by security specialist Jean-Sébastien Guay-Leroux. It is even possible for an attacker to open a shell on the firewall via the internet.
The firewall promises protection from spam, viruses, spoofing, phishing, spyware and DoS attacks. To handle differently encoded data it relies on libraries, including Convert-UUlib, a Perl library that provides an interface to the uulib library. A buffer overflow discovered in Convert-UUlib in April 2005 could be exploited to inject and execute malicious code via crafted BinHex files. Barracuda Networks apparently failed to notice this problem, with the result that the bug in their product was not fixed.
It was not until August 2006 that Guay-Leroux revisited the vulnerability while testing his exploit framework PIRANA and determined that the Barracuda Spam Firewall was still vulnerable. According to Guay-Leroux, the vulnerability is present in firmware versions prior to 3.3.15.026 with virus definition signatures earlier than 2.0.325. He informed the manufacturer at the end of November. The manufacturer responded within a few days, and an update was released.
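For checking an appliance inventory against the version thresholds quoted above, here is an added example (not taken from Guay-Leroux's report or from Barracuda). It compares dotted versions numerically, because a plain string comparison would rank 3.3.9.100 after 3.3.15.026. The inventory format, the host names and the reading that both conditions must hold for an appliance to be affected are assumptions.

```python
import re

# Thresholds as given in the article; everything else here is constructed.
FIXED_FIRMWARE = "3.3.15.026"
FIXED_VIRUS_DEFS = "2.0.325"

def parse_version(text):
    """Turn '3.3.15.026' into (3, 3, 15, 26); reject non-numeric strings."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def is_older(version, threshold):
    """Numeric, field-by-field comparison; shorter versions are zero-padded."""
    a, b = parse_version(version), parse_version(threshold)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b

def triage(firmware, virus_defs):
    """Classify one appliance as 'affected', 'not_affected' or 'unknown'."""
    # Assumption: the article's wording is read as requiring BOTH old
    # firmware and old virus definitions for an appliance to be affected.
    try:
        old_fw = is_older(firmware, FIXED_FIRMWARE)
        old_defs = is_older(virus_defs, FIXED_VIRUS_DEFS)
    except ValueError:
        return "unknown"  # unreadable version string: check by hand
    return "affected" if old_fw and old_defs else "not_affected"

# Constructed inventory export: hostname,firmware,virus_definitions
SAMPLE_INVENTORY = """\
mx1.example.net,3.3.9.100,2.0.310
mx2.example.net,3.3.15.026,2.0.325
mx3.example.net,3.3.15.26,2.0.324
mx4.example.net,n/a,2.0.100
"""

def triage_inventory(text):
    """Map each host in a CSV-style inventory to its triage result."""
    results = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        host, firmware, virus_defs = (f.strip() for f in line.split(","))
        results[host] = triage(firmware, virus_defs)
    return results
```

Appliances reported as `unknown` returned a version string that could not be parsed and should be checked manually rather than assumed safe.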
- Barracuda Convert-UUlib library buffer overflow leads to remote compromise, bug report from Jean-Sébastien Guay-Leroux
- Convert-UUlib malformed parameter buffer overflow, bug report from ISS X-Force