Alertas técnicos
Uma rede de suporte global de peritos. À sua disposição.
O que é um Alerta Técnico?
Os alertas técnicos são anúncios que fornecem aos clientes total transparência relativamente aos efeitos de problemas técnicos e de segurança, bem como informação sobre quando e onde os problemas são resolvidos.


Barracuda Web Application Firewall clustering problem | |
---|---|
Data | 2017-09-25 |
Produtos afetados | Barracuda Web Application Firewall |
Revisão | 1.0 |
Classificação de riscos | Low |
Detalhes | On Sep 25th, 10 APM PDT, secdef 2.1.27267 to address a problem in a previous secdef that prevented some Barracuda Web Application Firewalls from clustering properly. No other products are affected by this issue or security update. For maximum protection, Barracuda Networks recommends that all customers ensure that their attack and security definitions are set to On and to upgrade to the latest generally available release of the firmware and security definitions.
|
Issue caused by NG Firewall Pattern Update | |
---|---|
Data | 2017-02-01 |
Produtos afetados | Barracuda NextGen Firewal F-Series |
Revisão | 1.0 |
Classificação de riscos | Medium |
Detalhes | On Jan 27th, 3 pm UTC new application definitions were released for the Barracuda NextGen Firewall F-Series. The included Content-Pattern file contained corrupted data resulting unresponsiveness of the firewall and high CPU load on lower capacity units. The Barracuda Network Security Team replaced the corrupted definitions at 5:45 pm UTC. |
Barracuda Web Application Firewall and Load Balancer ADC post auth remote code excecution | |
---|---|
Data | 2016-08-02 |
Produtos afetados | Barracuda Web Application Firewall, Barracuda Load Balancer ADC |
Revisão | a1.0 |
Classificação de riscos | High |
Detalhes | On Tuesday, August 2, 2016 security definition 2.1.22249 was released to address the release of a metasploit module targeting a post authentication remote code execution vulnerabily in the following products:
No other products are affected by this issue or security update. For maximum protection, Barracuda Networks recommends that all customers ensure that their attack and security definitions are set to On and to upgrade to the latest generally available release of the firmware and security definitions.
|
Barracuda Web Filter, SSL Inspection, CVE-2015-0961 and CVE-2015-0962 | |
---|---|
Data | 2015-04-28 |
Produtos afetados | Barracuda Web Filter |
Revisão | a1.0 |
Classificação de riscos | High |
Detalhes | In conjunction with recent external research by CERT into SSL Inspection implementations in the market, Barracuda Network conducted an audit of the Barracuda Web Filter. On Thursday, April 16th, we released Barracuda Web Filter version 8.1.0.005 to address two issues identified in our audit. CVE-2015-0961: prior to version 8.1.0.005, the Barracuda Web Firewall fails to check the validity of upstream certificates when SSL inspection is enabled. Upgrading to version 8.1.0.005 resolves this issue and no other action is required. CVE-2015-0962: versions 7.0 through 8.1.003 ship with a set of default root CA certificates that are common across appliances. Upgrading to version 8.1.0.005 ensures that each unit has a unique default root CA certificate. Customers who have configured SSL Inspection with the default certificate should deploy new certificates following the instructions at https://techlib.barracuda.com/BWF/UpdateSSLCerts. For maximum protection, Barracuda Networks recommends that all customers ensure that their security definitions are set to On and to upgrade to the latest generally available release of the firmware and security definitions.
|
Resolved issue that could lead to Denial of Service on Barracuda Firewall | |
---|---|
Data | 2015-02-26 |
Produtos afetados | Barracuda Firewall Release 6.6.x |
Revisão | A1.0 |
Classificação de riscos | Low |
Detalhes | On February 26th, 2015, Barracuda Networks released security definition 2.1.16026 which resolves an issue where an attacker could perform a Denial of Service against Barracuda Firewall Release 6.6.x. Customers are advised to update their Security Definitions to v2.1.16026 immediately. For maximum protection, Barracuda Networks recommends that all customers ensure that their security definitions are set to On and to upgrade to the latest generally available release of the firmware and security definitions. |
Barracuda Networks and CVE-2015-0235 - GHOST | |
---|---|
Data | 2015-01-31 |
Produtos afetados | Multiple Products and Services |
Revisão | a1.0 |
Classificação de riscos | High |
Detalhes | On the morning of January 27th, 2015 we were notified of a vulnerability affecting the widely used glibc library. All of our products and services were found to be using affected versions of the library. Exploitation of the vulnerability requires conditions which do not exist in many of our products. Rather than delay patches by exhaustively analyzing all our products and services for the required precondition, we have elected to patch all products and services. As of Wednesday, January 28th, all of our web based services were patched with new versions of glibc. Patches for NG Firewall became available just after midnight Thursday, January 29. This afternoon, January 30th, at 18:30 PST we released Security Definition 2.1.15715. This update applies to all version of the following products manufactured after June, 2009:
For maximum protection, Barracuda Networks recommends that all customers ensure that their attack and security definitions are set to On and to upgrade to the latest generally available release of the firmware and security definitions. |
Update to default Barracuda Networks product security configurations | |
---|---|
Data | 2015-01-16 |
Produtos afetados | Barracuda Spam v6.1.5 and earlier, Barracuda Web Filter v7.1.0 and earlier, Barracuda Message Archiver v4.0.0 and earlier, Barracuda Web Application Firewall v7.9.1 and earlier, Barracuda Link Balancer 2.6.0 and earlier, Barracuda Load Balancer v4.2.3 and earlier, Barracuda Load Balancer ADC v5.1.1 and earlier, Barracuda Firewall Version 6.1, Barracuda SSLVPN v2.6.1, Cudatel Version 3.0.5 and earlier |
Revisão | A1.0 |
Classificação de riscos | Medium |
Detalhes | This morning we released Security Definition 2.1.15570 which eliminates some accounts and configuration settings left behind from our manufacturing and testing processes. To exploit these artifacts an attacker would require physical access to the customer’s appliance or hypervisor or access to specific Barracuda Networks internal systems. There are no known cases of these accounts or settings being exploited. For maximum protection, Barracuda Networks recommends that all customers ensure that their attack and security definitions are set to On and to upgrade to the latest generally available release of the firmware and security definitions. |
Barracuda NG Firewall v5.4.4 Hotfix 652 - SSH Security Update | |
---|---|
Data | 2014-11-12 |
Produtos afetados | Barracuda NG Firewall 5.4.x |
Revisão | A1.0 |
Classificação de riscos | Low |
Detalhes | We recently received a report of a race condition in the installation process of NG Firewall 5.4.x which could make the SSH management interface accessible on external interfaces. In cases where this occurs, the problem disappears after a reboot of the box or after certain configuration changes. Your system may be affected if the following conditions are met:
This morning we released Hotfix 652 to NG Firewall v5.4.4 to address this issue. It is available to customers on the download portal. For maximum protection, Barracuda Networks recommends that all customers ensure that their attack and security definitions are set to On and to upgrade to the latest generally available release of the firmware and security definitions. |
Barracuda Networks products and CVE-2014-6277, CVE-2014-6278, and CVE-2014-7169: aftershock and two related vulnerabilities | |
---|---|
Data | 2014-10-01 |
Produtos afetados | Multiple Barracuda Products and Services |
Revisão | 1.0 |
Classificação de riscos | High |
Detalhes | This morning we released Security Definition 2.1.14193 to patch CVE-2014-6277, CVE-2014-6278, and CVE-2014-7169 (‘aftershock’ and two other related vulnerabilities) in the widely used GNU bash utility affecting a broad range of systems across the Internet. This Security Definition is available to all our appliance customers with active Energize Update subscriptions. In the aftermath of CVE-2014-6271 (shellshock), we are continuing to aggressively patch and test our products and services to secure them against new vulnerabilities being reported, and have been following industry best practices around remediation. You can find a detailed analysis of the issue and our remediation steps at http://cuda.co/shellshock. We are continuing to monitor this developing situation and will be updating this alert with additional details as they become available. |
Barracuda Networks products and CVE-2014-6271: shell shock vulnerability | |
---|---|
Data | 2014-09-27 |
Produtos afetados | Multiple Barracuda Products and Services |
Revisão | 1.0 |
Classificação de riscos | High |
Detalhes | On the morning of September 24th, 2014 we were notified of a vulnerability in the widely used GNU bash utility (CVE-2014-6271) affecting a broad range of systems across the Internet. Since then, we have been aggressively patching and testing our products and services to secure them against this vulnerability, and have been following industry best practices around remediation. On Wednesday , September 24 at 23:00 PDT we released Security Definition 2.1.14182 to patch CVE-2014-6271 for our appliance customers with active Energize Update subscriptions on the current harwdware platforms. In addition, all of our web services had also been patched as of Wednesday evening. You can find a detailed analysis of the issue and our remediation steps at http://cuda.co/shellshock. We are continuing to monitor this developing situation and will be updating this alert with additional details shortly. |
Resolved issue with Barracuda Firewall which could allow information disclosure and unauthorized access | |
---|---|
Data | 2014-05-22 |
Produtos afetados | Barracuda Firewall 6.1.0 and earlier |
Revisão | A1.0 |
Classificação de riscos | High |
Detalhes | On May 19, 2014, we released security definition 2.1.12665 to address a vulnerability that could allow a user to remove directories from the Barracuda Firewall file system under certain circumstances. |
Resolved issue with Cudatel which could allow fraudulent international calls in older firmware versions | |
---|---|
Data | 2014-05-03 |
Produtos afetados | Cudatel |
Revisão | A1.0 |
Classificação de riscos | High |
Detalhes | On April 29, 2014, we discovered a vulnerability in which fraudulent international calls could be established by an attacker. We isolated the incident to a handful of customers, and directly contacted everyone impacted. |
Barracuda Firewall and CVE-2014-0160: OpenSSL Heartbleed vulnerability update | |
---|---|
Data | 2014-04-18 |
Produtos afetados | Barracuda Firewall |
Revisão | 1.0 |
Classificação de riscos | High |
Detalhes | This Security Definition eliminates the requirement of Security Definition 2.1.12177, released on April 11, that the customer reboot the Barracuda Firewall for the patch to complete installation. Upon installation of this definition the appliance will not be vulnerable to the Heartbleed bug even if the appliance is not restarted. |
Barracuda Networks products and CVE-2014-0160: OpenSSL Heartbleed vulnerability | |
---|---|
Data | 2014-04-11 |
Produtos afetados | Barracuda Web Application Firewall, Barracuda Web Filter, Barracuda Message Archiver, Barracuda Firewall, Barracuda Load Balancer ADC, Barracuda Load Balancer, Barracuda Link Balancer, Cudatel, Barracuda Email Security Service, Barracuda Backup Service, Barracuda Cloud Control, Copy, and SignNow |
Revisão | 1.0 |
Classificação de riscos | High |
Detalhes | On April 7, 2014 an exploitable vulnerability in OpenSSL was reported by US-CERT/NIST. OpenSSL is widely used in internet infrastructures, and this vulnerability was introduced into OpenSSL in December 2011. The vulnerability is the result of a missing bounds check in the OpenSSL code that handles the TLS 'heartbeat' messages. Someone with malicious intent can exploit this vulnerability by requesting that a running TLS server return up to 64KB of its private memory space. Since this is the same memory space where OpenSSL stores the server's private key material, an attacker can potentially obtain long-term server private keys, TLS session keys, or usernames / passwords. The vulnerability was first introduced in OpenSSL release version 1.0.1 on March 14, 2012. OpenSSL 1.0.1g, released on April 7, 2014, fixes the vulnerability. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160 for additional details. We have been patching and testing our products and services to secure them against this vulnerability, and have been following the internet security industry’s recommended procedures. Securing Appliance Products
Securing Cloud Services
Affected Appliance Firmware Versions:
If any customer has questions or concerns, please contact Barracuda Networks technical support at 408-342-5400 Updated information is available and will be posted as available on Barracuda’s product management blog: http://cuda.co/heartbleed |
Resolved issue in which the Barracuda Web Application Firewall XSS protections can be evaded using specially crafted requests | |
---|---|
Data | 2013-09-11 |
Produtos afetados | Barracuda Web Application Firewall |
Revisão | A1.0 |
Classificação de riscos | Low |
Detalhes | On July 17, 2013, security researcher Roberto Suggi Liverani of NCIA / NCIRC reported that the cross site scripting (XSS) detection mechanisms of the Barracuda Web Application could be bypassed when the attack payload is encoded using the Data URI scheme with base64 encoding (RFC 2397). Our research team has confirmed that all versions of the Barracuda Web Application Firewall are affected. We have released Attack Definition version 1.59 on July 30, 2013 to address this threat vector. There are no known cases of any customers who have been affected. The fix works by blocking requests that have Data URIs embedded in Web based inputs. Customers who have enabled automatic updating of their Attack Definitions should verify that their current installed version is 1.59 or higher. Those customers who have disabled automatic updating of Attack Definitions should manually update to the latest Attack Definition from the ADVANCED -> Energize Updates screen. Attack Definition version 1.59 applies to all firmware versions. This will address all cases where Data URI with base64 encoding is used for injection attacks. Firmware version 7.8.1 will provide the ability to enforce additional protection to decode and inspect all base64 encoded data, even outside of Data URI format, though we are not aware of any such attacks on the server side at this time. |
Resolved issues with retrieving virus pattern updates for NG Firewalls | |
---|---|
Data | 2013-07-25 |
Produtos afetados | Barracuda NG Firewall |
Revisão | A1.0 |
Classificação de riscos | Medium |
Detalhes | This security update resolves a BUG introduced in Firmware Version 5.4.1.
Due to an update of the Malware Protection Engine the Anti-Virus service was no longer able to retrieve virus pattern updates from the Avira download servers.
Your system may be affected if the following conditions are met:
Installing Hotfix 528 is going to automatically
Affected version(s):
The issue has been resolved in version(s):
This issue does NOT affect version(s):
Hotfix 528 will also be included in firmware version 5.4.2
IMPORTANT: By updating the Malware Protection Engine the license enforcement has been changed: In case the Malware Protection license has expired, any traffic that is forwarded to the Malware Protection Engine will not be scanned and blocked. In order to not block such traffic the Anti-Virus service needs to be disabled. |
Resolved issue with persistent XSS in Barracuda Spam & Virus Firewall | |
---|---|
Data | 2013-07-11 |
Produtos afetados | Barracuda Spam & Virus Firewall |
Revisão | A1.0 |
Classificação de riscos | High |
Detalhes | On June 3, 2013, security researcher Justin Steven (justinsteven.com) reported two related instances of a remotely exploitable persistent XSS attack against the Barracuda Spam & Virus Firewall. Our research has confirmed that all versions of the Barracuda Spam & Virus Firewall are affected. Today we released Security Definition version 2.0.8 to address all known means of exploiting these issues. There are no known cases of any customers who have been affected. Customers who have enabled automatic updating of their Security Definitions should verify that their current installed version is 2.0.8 or higher. Those customers who have disabled automatic updating of Security Definitions should manually update to the latest Security Definition from the Advanced -> Energize Updates screen. Security Definition version 2.0.8 will only apply to firmware versions 3.5 and later. Barracuda Networks recommends that all customers with active Energize Updates subscriptions to upgrade to the latest available firmware release supported for their hardware platforms. Customers with hardware platforms over four years old are encouraged to take advantage of the Barracuda Networks Hardware Refresh Program described on https://www.barracuda.com/support/refresh. |
Resolved issue in which non-root shell accounts are able to read password hashes of /etc/shadow. | |
---|---|
Data | 2013-06-13 |
Produtos afetados | Barracuda NG Firewall |
Revisão | A1.0 |
Classificação de riscos | Low |
Detalhes | This security update resolves an internally reported vulnerability in which non-root shell accounts are able to read password hashes of /etc/shadow. Non-root shell accounts are not configured on the unit in the default configuration delivered from the factory. They are configured in Box->Administrators with "System Level Access" being set to Standard or Restricted OS Login. Configuring shell access like this is typically only done for auditing purposes to provide named administrative accounts for trusted admins. If you have not configured any shell level access to your NG Firewall then you are not vulnerable to this issue. Installing this hotfix will ensure that file permissions are properly set. Affected Software:
|
Resolved issue with allowed inbound ip addresses for remote support | |
---|---|
Data | 2013-02-04 |
Produtos afetados | Barracuda Spam and Virus Firewall, Barracuda Web Filter, Barracuda Message Archiver, Barracuda Web Application Firewall, Barracuda Link Balancer, Barracuda Load Balancer, Barracuda SSL VPN, CudaTel |
Revisão | A1.0 |
Classificação de riscos | Medium |
Detalhes | Today we released secdef 2.0.7 as part of ongoing work to address previously reported issues surrounding Barracuda Networks' ability to remotely support customers. Since Barracuda shipped the original appliances, the local firewall rules on each appliance were configured to restrict customer authorized remote access to Barracuda-owned IP addresses. To ensure our ability to support these units, the firewall was configured such that new support servers could be added without requiring updates to the appliances in the field. An attacker with access to a machine on any of the IP ranges in the vulnerability report, and with knowledge of the system internals, could gain access to an exposed appliance. However, in order to actually breach the system, the appliance must either have been deployed directly on the Internet with a public IP address or the attacker must have been on the same private network as the appliance in order for it to be exposed. To our knowledge, no system was breached as a result of this vulnerability. Additional details of the issues and a response from our CTO, Zach Levow, are available on our blog. All Barracuda Networks appliances with the exception of the Barracuda Backup Server, Barracuda Firewall, and Barracuda NG Firewall are potentially affected.
All unauthorized IP ranges have been removed from the default local firewall rules in all later firmware releases of the products listed above. Customer are advised to upgrade to the most current generally available release of their product.
For customers unable to upgrade their firmware, we have also removed unauthorized IP ranges in Security Definition 2.0.7 provided to our customers on 2/4/2013. Such customers are advised to update their Security Definitions to v2.0.7 immediately.
While this update further reduces potential attack vectors, our support department is available to answer any questions on fully disabling this functionality if support access is not desired.
Note: secdef 2.0.6 was an internal development definition only and was not released to the public. |
Resolved issue with ssh access to units deployed outside the firewall | |
---|---|
Data | 2013-01-28 |
Produtos afetados | Barracuda Spam and Virus Firewall, Barracuda Web Filter, Barracuda Message Archiver, Barracuda Web Application Firewall, Barracuda Link Balancer, Barracuda Load Balancer, Barracuda SSL VPN, CudaTel |
Revisão | A1.1 |
Classificação de riscos | Medium |
Detalhes | Revision A1.1: revised 2013-01-28 to put version numbers on Affected Product(s) and correct erroneous report that Barracuda Link Balancer and Barracuda Load Balancer are affected On Nov 29, 2012, Stefan Viehböck of SEC Consult Vulnerability Lab (https://www.sec-consult.com), reported two issues affecting the Barracuda SSLVPN that an attacker could use to gain unauthorized access to the appliance. Our research has confirmed that an attacker with specific internal knowledge of the Barracuda appliances may be able to remotely log into a non-priveleged account on the appliance from a small set of IP addresses. The vulnerabilities are the result of the default firewall configuration and default user accounts on the unit. All Barracuda Networks appliances with the exception of the Barracuda Backup Server, Barracuda Firewall, and Barracuda NG Firewall are potentially affected.
Customers are advised to update their Security Definitions to v2.0.5 immediately. While this update drastically minimizes potential attack vectors, our support department is available to answer any questions on fully disabling this functionality if support access is not desired. |
Resolved issue with access to potentially insecure files on Barracuda SSL VPN | |
---|---|
Data | 2013-01-23 |
Produtos afetados | Barracuda SSL VPN |
Revisão | A1.0 |
Classificação de riscos | Medium |
Detalhes | Today, Barracuda Networks issued security definition 2.0.5 (2013-01-23) to update the product info file structure in affected firmware versions 2.2.2.203 and below to prevent access to any potentially insecure files. Stefan Viehböck of SEC Consult Vulnerability Lab (https://www.sec-consult.com) collaborated with Barracuda Networks to report and resolve this issue. Customers are advised to update their Security Definitions to v2.0.5 immediately. For maximum protection, Barracuda Networks recommends that all customers ensure that their security definitions are set to On and to upgrade to the latest generally available release of the firmware and security definitions. |
Resolved parameter validation issue with Barracuda Web Application Firewall for authenticated administrators | |
---|---|
Data | 2013-01-12 |
Produtos afetados | Barracuda Web Application Firewall |
Revisão | A1.0 |
Classificação de riscos | Low |
Detalhes | Recently, security researcher Adam Chester, an independent security consultant, discovered and worked with Barracuda Networks to resolve a cross-site scripting vulnerability in the Barracuda Web Application Firewall that affects authenticated administrators. Under certain circumstance it is possible for potential attackers to insert scripting code into parameters after logging into the Barracuda Web Application Firewall. Barracuda Networks resolved this issue identified by Adam Chester in firmware release 7.7 (2012-10-04). For maximum protection, Barracuda Networks recommends that all customers upgrade to the latest generally available release of the firmware. |
Resolved issue with ISC BIND with Barracuda NG Firewall and Barracuda Link Balancer | |
---|---|
Data | 2012-10-16 |
Produtos afetados | Barracuda NG Firewall, Barracuda Link Balancer |
Revisão | A1.0 |
Classificação de riscos | Low |
Detalhes | Recently, security researchers discovered an issue with ISC BIND where a remote attacker can cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
Barracuda Networks resolved this issue by updating the embedded ISC BIND and making generally available firmware releases for the following products:
For maximum protection, Barracuda Networks recommends that all customers upgrade to the latest generally available release of the firmware. |
Resolved parameter validation issue with the Barracuda SSL VPN for authenticated users | |
---|---|
Data | 2012-07-16 |
Produtos afetados | Barracuda SSL VPN |
Revisão | A1.0 |
Classificação de riscos | Low |
Detalhes | Recently, security researcher Benjamin Kunz Mejri at Vulnerability Research Laboratory (www.vulnerability-lab.com) discovered and worked with Barracuda Networks to resolve a cross-site scripting vulnerability in the Barracuda SSL VPN for authenticated users to the Barracuda SSL VPN. Under certain circumstance where a user has logged into the Barracuda SSL VPN over the internet, it is possible for potential attackers to insert scripting code into parameters. Barracuda Networks resolved this issue identified by Benjamin Kunz Mejri in firmware release 2.2.2.203 (2012-07-05). For maximum protection, Barracuda Networks recommends that all customers upgrade to the latest generally available release of the firmware. |
Resolved issue with Cudatel which could allow fraudulent international calls in older firmware versions | |
---|---|
Data | 2012-07-16 |
Produtos afetados | Cudatel |
Revisão | A1.0 |
Classificação de riscos | High |
Detalhes | On April 29, 2014, we discovered a vulnerability in which fraudulent international calls could be established by an attacker. We isolated the incident to a handful of customers, and directly contacted everyone impacted. On April 29, 2014, an automated firmware update was made available to all Cudatel customers running firmwares 2.6.6 and later to resolve the internally reported issue. May 3, 2014, secdef 2.1.12437 was released to patch units running firmwares 2.6.5 and earlier. For maximum protection, Barracuda Networks recommends that all customers ensure that their attack and security definitions are set to On and to upgrade to the latest generally available release of the firmware and security definitions. |
Temporary suspension of spam and virus definition updates | |
---|---|
Data | 2011-05-26 |
Produtos afetados | Barracuda Spam & Virus Firewalls |
Revisão | A1.0 |
Classificação de riscos | None |
Detalhes | Between May 24, 3:45 PDT and May 25, 16:00 PDT, Barracuda Central temporarily suspended automatic spam and virus definition updates for Barracuda Spam & Virus Firewall. During this period, customers remained fully protected by the Barracuda Real-Time System. The reason for temporary suspension was an investigation related to spam definition 3.2.2.64662 (2011-05-24 034013 PST) that exposed an already resolved software defect in firmware releases 4.0 and 4.1. Once the defect was identified, automated definition updates were resumed. Customers running firmware release 5.0.0.003 and higher were unaffected. Barracuda Networks recommends updating to the latest firmware release 5.0.0.022 and enabling automatic spam and virus definition updates. The setting can be enabled by going to Advanced -> Energize updates page. |
Misclassified URL delivered with spam definition update 3.2.2.61354 | |
---|---|
Data | 2011-04-20 |
Produtos afetados | Barracuda Spam & Virus Firewalls |
Revisão | A1.0 |
Classificação de riscos | None |
Detalhes | On April 19, 2011 at 4:18 PM PDT, spam definition 3.2.2.61354 (2011-04-19 16:18) contained a misclassified URL that could have resulted in the delay of a small number of legitimate emails with a reason of "Intent". This cause of this issue was operational in nature and was corrected on April 20, 2011 at 1:03 AM PDT in spam definition 3.2.2.61389 (2011-04-20 01:03). As part of the of the correction, all messages improperly stopped will be automatically released and delivered within 24 hours of the original delivery attempt. If you believe that some emails still have not been delivered, please contact Barracuda Networks Technical Support. Safeguards have been implemented into Barracuda Central operations to avert future similar misclassifications. |
Resolved issue with miscategorized email in select Barracuda Spam & Virus Firewalls | |
---|---|
Data | 2011-04-07 |
Produtos afetados | Barracuda Spam & Virus Firewalls running firmware release 4.0 and higher |
Revisão | A1.0 |
Classificação de riscos | None |
Detalhes | On April 7, 2011 at 9:05AM PDT, a human error occurred at Barracuda Central that could have resulted in a small number of legitimate emails being classified as spam. The root cause of this issue was operational in nature. At 9:48AM PDT, Barracuda Central engineers resolved the issue. Please note that customers running firmware release 4.0 and higher may see messages initially logged in the user interface with a delivery status of “blocked” that may have been ultimately delivered to end users. Customers concerned that emails in this period were not delivered should contact Barracuda Networks Technical Support. Preventative measures have been implemented into Barracuda Central operations to avert future miscategorization. |
Barracuda Spam & Virus Firewalls may have disabled automated spam definitions upon receiving spam update 3.2.2.42448 | |
---|---|
Data | 2010-10-04 |
Produtos afetados | Barracuda Spam & Virus Firewalls Serial #BAR-SF-166331 and higher |
Revisão | A1.0 |
Classificação de riscos | Low |
Detalhes | On October 1, 2010 at 12:55 PM PDT, a faulty spam definition 3.2.2.42448 contained a corrupted file that may have disabled some Barracuda Spam & Virus Firewalls, serial # BAR-SF-166331 and higher, from receiving future automated spam definitions. The cause of the corrupted spam definition has been identified and resolved, and additional measures have been put in place to prevent this issue from occurring in the future. To resolve this issue, customers who have affected Barracuda Spam & Virus Firewalls that still see spam definition 3.2.2.42448 as their current installed version, should go to the Advanced -> Energize Updates page and click on the Update button to trigger a manual update of their spam definition to version 3.2.2.42720(2010-10-04) or higher. Upon triggering a manual spam definition update affected appliances will then receive future automated spam definitions. |
Sanitized inputs to online help viewer in select Barracuda Networks appliances | |
---|---|
Data | 2010-09-28 |
Produtos afetados | Barracuda IM Firewall 3.4.01.004 and earlier Barracuda Link Balancer 2.1.1.010 and earlier Barracuda Load Balancer 3.3.1.005 and earlier Barracuda Message Archiver 2.2.1.005 and earlier Barracuda Spam & Virus Firewall 4.1.2.006 and earlier Barracuda SSL VPN 1.7.2.004 and earlier Barracuda Web Application Firewall 7.4.0.022 and earlier Barracuda Web Filter 4.3.0.013 and earlier |
Revisão | A1.0 |
Classificação de riscos | Medium |
Detalhes | Today, Barracuda Networks issued security definition 2.0.4 (2010-09-28) to update the online help viewer in affected firmware versions to prevent inputs of parameters attempting directory traversals. In addition, Barracuda Networks released updated firmware versions on all affected products. Security researchers Randy Janinda and Sanjeev Sinha, Security Consultants at SecureWorks collaborated with Barracuda Networks to report and resolve this issue. For maximum protection, Barracuda Networks recommends that all customers ensure that their security definitions are set to On and to upgrade to the latest generally available release of the firmware. |
Updated keys and authentication mechanism between Barracuda Networks appliances and Barracuda Central | |
---|---|
Data | 2010-07-02 |
Produtos afetados | All Barracuda Networks Products |
Revisão | A1.0 |
Classificação de riscos | None |
Detalhes |
Recently, Barracuda Networks issued security definition 2.0.3 (2010-07-01) to update the keys and authentication mechanism of Barracuda Networks appliances with Barracuda Central servers that deliver Energize Updates and new firmware. This change better protects the account status of legitimate Barracuda Networks customers against those who attempt to clone or forge their credentials. |
Resolved vulnerability in the TLS/SSL protocol during session renegotiation in select Barracuda Networks products | |
---|---|
Data | 2009-12-04 |
Produtos afetados | Barracuda IM Firewall Release 4.1 and earlier Barracuda Link Balancer Release 1.3.1.006 and earlier Barracuda Load Balancer Release 3.0 and earlier Barracuda Message Archiver Release 2.1.0.014 and earlier Barracuda Spam & Virus Firewall Release 4.0.1.009 and earlier Barracuda SSL VPN Release 1.5.0.028 and earlier Barracuda Web Application Firewall Release 7.3.1.007 and earlier Barracuda Web Filter Release 4.2.0.010 and earlier |
Revisão | A1.0 |
Classificação de riscos | Low |
Detalhes |
Recently, security researchers discovered an issue where arbitrary code could be injected into the beginning of a TLS/SSL session during key renegotiation by a remote attacker conducting a man-in-the-middle (MITM) attack. In order for code to be injected an attacker would need access to a network along the path of communication between the client and the server. Details of the vulnerability can be viewed here:
|
Resolved incidence of displaying incorrect subscription and activation status being reported in select Barracuda Networks products | |
---|---|
Data | 2009-09-22 |
Produtos afetados | Barracuda IM Firewall Release 3.4 and later Barracuda Link Balancer Release 1.1 and later Barracuda Load Balancer Release 2.4 and later Barracuda Message Archiver Release 2.0 and later Barracuda Spam & Virus Firewall Release 4.0 and later Barracuda SSL VPN Release 1.0 and later Barracuda Web Application Firewall Release 7.3 and later Barracuda Web Filter Release 4.2 and later |
Revisão | A1.0 |
Classificação de riscos | Low |
Detalhes | At approximately 8:30AM PDT, one server in the Barracuda Networks update infrastructure experienced a database corruption. As a side effect of this incident, a subset of customer systems running newer firmware releases querying for subscription and activation status received invalid responses. Upon receiving these invalid responses, the affected Barracuda Networks products displayed error messages indicating an inactivated state. Other than potential interactions with the graphical user interface when changing configurations or after a hard reboot, Barracuda Networks products continued to operate in their normal capacity. At approximately 8:45AM PDT, the affected server was taken offline and a redundant server was put in production to properly respond to subscription and activation status queries. By 10:00AM PDT, all affected Barracuda Networks products in the field should have been displaying proper activation and subscription status. Since this incident, Barracuda Networks has implemented software mitigation techniques to detect this form of database corruption and to suppress invalid query responses going forward. Barracuda Networks resolved this issue and all affected products should report the correct status. If any Barracuda Networks products still report the wrong subscription or activation status, please contact Barracuda Networks Technical Support. |
Resolved issues with legacy Barracuda Spam & Virus Firewalls SNMP queue monitoring and troubleshooting utilities | |
---|---|
Data | 2009-08-18 |
Produtos afetados | Barracuda Spam & Virus Firewall Release 3.5.10 and 3.5.11 |
Revisão | A1.0 |
Classificação de riscos | Low |
Detalhes | As a side effect of the recent security definition 2.0.1 (2009-08-14), legacy Barracuda Spam & Virus Firewalls running Firmware Release 3.5.10 and 3.5.11 experienced issues with SNMP queue monitoring and troubleshooting utilities. Barracuda Networks reverted these changes on these older firmware versions through security definition 2.0.2 (2009-08-18) to resolve the issues with SNMP queue monitoring and troubleshooting utilities. With this change, administrators are encouraged to upgrade Barracuda Spam & Virus Firewalls running Firmware Release 3.5.10 and 3.5.11 the latest generally available release to be protected from the Barracuda Console Configuration Tool issue discovered by security researcher Jon Oberheide For maximum protection, Barracuda Networks recommends that all customers upgrade to the latest generally available release of the firmware 3.5.12.023 (2009-08-18) and ensure that security definitions are set to On. |
Resolved input field validation issues associated with the Barracuda Console Configuration Tool in select Barracuda Networks products. | |
---|---|
Data | 2009-08-14 |
Produtos afetados | Barracuda IM Firewall Release 3.4 (generally available: 2009-04-14) and earlier Barracuda Link Balancer Release 1.1.028 (generally available: 2009-03-17) and earlier Barracuda Load Balancer Release 2.5.011 (generally available: 2009-04-06) and earlier Barracuda Message Archiver Release 1.1.0.010 (generally available: 2008-03-03) and earlier Barracuda Spam & Virus Firewall Release 3.5.12.012 (generally available: 2009-04-14) and earlier Barracuda SSL VPN Release 1.2.6.004 (generally available: 2009-03-11) and earlier Barracuda Web Application Firewall Release 7.2.2.005 (generally available: 2009-05-05) and earlier Barracuda Web Filter Release 4.1.0.013 (generally available: 2009-04-16) and earlier |
Revisão | A1.0 |
Classificação de riscos | Low |
Detalhes | Recently, security researcher Jon Oberheide (jon@oberheide.org) discovered and worked with Barracuda Networks to resolve a field input validation issue in the Barracuda Console Configuration Tool. Reproducing the issue requires physical access to the Barracuda Networks appliance itself through physical keyboard and monitor connections. The issue does not apply to any access over networking protocols. Barracuda Networks resolved this issue identified by Jon Oberheide (jon@oberheide.org) by making generally available firmware releases for the following products and issuing a security definition 2.0.1 (2009-08-14):
For maximum protection, Barracuda Networks recommends that all customers upgrade to the latest generally available release of the firmware and ensure that security definitions are set to On. |
Barracuda Networks warns against rogue antivirus program | |
---|---|
Data | 2009-06-11 |
Produtos afetados | N/A |
Revisão | A1.0 |
Classificação de riscos | Low |
Detalhes | On June 10, 2009, Barracuda Networks Inc, the worldwide leader of content security appliances, became aware of a Web Site promoting a rogue spyware program called “Barracuda Antivirus.” If downloaded, the program will install spyware that will display pop-up ads and other unwanted applications. The “Barracuda Antivirus” program is not in any way associated with Barracuda Networks and is just one of a string of recent examples of hackers attempting to spread malicious programs using an established and trusted security brand. All Barracuda Networks products have been updated with the latest definitions to protect our customers from visiting or downloading content from this rogue site. Barracuda Networks has also contacted fellow Internet security vendors to ensure that their databases are also updated to protect customers from inadvertently accessing the Web sites. |
Barracuda Load Balancer resolved parameter validation issue with the Login page | |
---|---|
Data | 2009-02-03 |
Produtos afetados | Barracuda Load Balancer Release 2.3.024 (generally available: 2008-10-20) and earlier |
Revisão | A1.0 |
Classificação de riscos | None |
Detalhes | Recently, security researcher Jan Skovgren, Security Consultant at FortConsult (www.fortconsult.com) discovered and worked with Barracuda Networks to resolve a cross-site scripting vulnerability in the Barracuda Load Balancer login page. Under certain circumstance where the Barracuda Load Balancer management user interface is accessible over the Internet, it was possible for potential attackers to insert Javascript code into parameters. Barracuda Networks resolved this issue identified by Jan Skoygren in firmware release 2.4.006 (2008-12-15). For maximum protection, Barracuda Networks recommends that all customers either restrict Internet access to the management user interface from their network firewalls or upgrade to the latest generally available release of the firmware. |
Resolved input field validation and HTML encoding issues in select Barracuda Networks products | |
---|---|
Data | 2008-12-15 |
Produtos afetados | Barracuda Message Archiver Release 1.1.0.010 (2008-02-15) and earlier Barracuda Spam Firewall Release 3.5.11.020 (2008-02-26) and earlier Barracuda Web Filter Release 3.3.0.038 (2008-02-19) and earlier Barracuda IM Firewall Release 3.0.01.008 (2008-02-05) and earlier Barracuda Load Balancer Release 2.2.006 (2008-09-05) and earlier |
Revisão | A1.0 |
Classificação de riscos | Low |
Detalhes | Recently, security researcher Dr. Marian Ventuneac of Data Communication Security Laboratory, Department of Electronic and Computer Engineering at University of Limerick, discovered and worked with Barracuda Networks to resolve input field validation and HTML encoding issues in select Barracuda Networks products that resulted in cross-site scripting vulnerabilities in specific screens and fields. Reproducing all of these issues required that administrators log in to the appliance. Barracuda Networks resolved all of the issues identified by Dr. Ventuneac by making generally available firmware releases for the following products:
The CERT CVE number for these reported issues is CVE-2008-0971. For maximum protection, Barracuda Networks recommends that all customers upgrade to the latest generally available release of the firmware. |
Barracuda Spam Firewall resolved potential issue associated with the Users -> Accounts View page | |
---|---|
Data | 2008-12-15 |
Produtos afetados | Barracuda Spam Firewall Release 3.5.11.020 (2008-02-26) and earlier |
Revisão | A1.0 |
Classificação de riscos | Low |
Detalhes | Recently, security researcher Dr. Marian Ventuneac of Data Communication Security Laboratory, Department of Electronic and Computer Engineering at University of Limerick, discovered and worked with Barracuda Networks to resolve a potential issue in the Barracuda Spam Firewall Users -> Account View page. Reproducing the issue requires administrators to first log in to the Barracuda Spam Firewall, visit the Users -> Account View page and select the 'Message Count =' search filter from a list of over a dozen search filters. In the pattern field, it was possible to inject SQL which could lead to direct access to the configuration database. Barracuda Networks resolved this issue identified by Dr. Ventuneac of Data Communication Security Laboratory by making generally available firmware release 3.5.12.007 (2008-10-24). The issue itself carried a low risk rating, because it required access as a global administrator that already has unrestricted read/write access to the configuration database through the application itself. The CERT CVE number for this reported issue is CVE-2008-1094. For maximum protection, Barracuda Networks recommends that all customers upgrade to the latest generally available release of the firmware. |
Configuration changes to all Barracuda Spam Firewalls upon upgrade to Firmware Release 3.5.12 | |
---|---|
Data | 2008-07-22 |
Produtos afetados | Barracuda Spam Firewall Release 3.5.12 |
Revisão | A1.0 |
Classificação de riscos | None |
Detalhes | On July 14, 2008, Barracuda Networks released Barracuda Spam Firewall Release 3.5.12.001 into beta release. Upon upgrading to firmware release 3.5.12, three one-time configuration changes will be made to your Barracuda Spam Firewall:
These changes will be made only once. If you want to re-enable bounce messages and reinsert the affected Spamhaus external block lists, you may do so manually after the upgrade. Barracuda Networks recommends that you create a new backup of your configuration after upgrading to firmware release 3.5.12. |
Barracuda Spam Firewall resolved vulnerability associated with LDAP test script | |
---|---|
Data | 2008-05-22 |
Produtos afetados | Barracuda Spam Firewalls |
Revisão | A1.0 |
Classificação de riscos | None |
Detalhes | Recently, security researcher Mark Crowther of Information Risk Management (research@irmplc.com / www.irmplc.com) discovered and worked with Barracuda Networks to resolve a cross-site scripting vulnerability in the Barracuda Spam Firewall ldap_test.cgi script. If a Barracuda Spam Firewall had unrestricted access from the Internet and no Administrator IP/Range configured, JavaScript code could be inserted in the parameters allowing for the possibility of cross-site scripting attacks. Barracuda Networks resolved this issue identified by Information Risk Management by making generally available firmware release 3.5.11.025 (2008-05-16). For maximum protection, Barracuda Networks recommends that all customers upgrade to the latest generally available release of the firmware. |
Legacy Barracuda Spam Firewalls queued inbound email upon receiving virus update 2.2.18205 | |
---|---|
Data | 2008-03-12 |
Produtos afetados | Barracuda Spam Firewall Release 3.4.10.087 (2007-01-09) and earlier |
Revisão | A1.0 |
Classificação de riscos | None |
Detalhes | On March 11, 2008 at 4:45 PM PDT, virus definition 2.2.18205 contained an incompatibility with Barracuda Spam Firewalls running legacy firmware release 3.4.10.087 and earlier, using current virus definitions. This incompatibility was the result of an invalid reference in the virus system maintenance routines and triggered the “hold down” protections in the Barracuda Spam Firewall. To protect our customers against potential errors in the virus system maintenance, the Barracuda Spam Firewall has a built-in precautionary “hold down” feature that automatically prevents email from being sent and keeps potentially infected emails from being delivered. Any Barracuda Spam Firewall in the field running legacy firmware that received virus definition 2.2.18205 immediately began to queue all incoming messages. Because the change affected the virus system maintenance routines, reverting and updating virus definitions did not resolve the issue. At 9:00 PM PDT, spam definitions 3.0.69866 and 3.1.44577 were released that contained configuration settings and a forced restart of the email scanning engine to mitigate the issue. For all affected customers, Barracuda Spam Firewalls resumed normal processing of email once they downloaded the new spam definition. No email should have been lost as the result of this delay. Barracuda Networks customers are strongly advised to update to the latest generally available firmware release for the most up-to-date protection against Internet threats. |
Barracuda Spam Firewall resolved user interface issue when Monitor Web Syslog screen is open | |
---|---|
Data | 2007-09-19 |
Produtos afetados | Barracuda Spam Firewalls Release 3.5.10.013 and earlier |
Revisão | A1.0 |
Classificação de riscos | Low |
Detalhes | Recently, security researcher Federico Kirschbaum reported an issue in the Barracuda Spam Firewall Web administration interface to Barracuda Networks. A cross-site scripting vulnerability existed when logging in with a username containing JavaScript injections only while the “Monitor Web Syslog” screen was already opened by an authenticated user. The risk rating of this issue is low, because the usage of the “Monitor Web Syslog” screen is largely a diagnostic utility and not typically used once syslog outputs are set up in production environments. Barracuda Networks resolved this issue identified by Mr. Kirschbaum with generally available firmware release 3.5.10.016 (2007-09-06). For maximum protection, Barracuda Networks recommends that all customers upgrade to the latest generally available release of the firmware. |
Barracuda Spam Firewall resolved vulnerability associated with use of zoo file decompression utility | |
---|---|
Data | 2007-05-04 |
Produtos afetados | Barracuda Spam Firewalls |
Revisão | A1.0 |
Classificação de riscos | None |
Detalhes | Zoo is an archive file format and legacy compression program that was popular in the mid-1980s. To support decompression of legacy zoo file archives used in virus checking and enforcing file attachment policy, the Barracuda Spam Firewall includes the zoo program. Recently, security researcher Jean-Sébastien Guay-Leroux discovered an implementation error in the zoo program which could result in an infinite loop and high utilization of system resources in certain solutions. |
Legacy Barracuda Spam Firewalls queued inbound email upon receiving virus update 2.1.6 | |
---|---|
Data | 2007-03-30 |
Produtos afetados | Barracuda Spam Firewall Release 3.3 and earlier |
Revisão | A1.0 |
Classificação de riscos | None |
Detalhes | On March 29, 2007 at 5:00 PM PDT, virus definition 2.1.6 targeted at recent Internet threat activity contained an incompatibility with legacy Barracuda Spam Firewall firmware releases 3.3 and earlier. To protect our customers against potential errors with incompatible versions, the Barracuda Spam Firewall has a built-in precautionary feature which automatically prevents email from being sent and keeps potentially infected emails from being delivered. Any Barracuda Spam Firewall in the field running legacy firmware that had received virus definition 2.1.6 immediately began to queue all incoming messages until a backward compatible virus definition became available. At 9:16 PM PDT, a backward compatible virus definition 2.1.18o was released. For all affected customers, Barracuda Spam Firewalls resumed normal processing of email once they downloaded the new definition, and no email should have been lost as the result of this delay. Barracuda Networks customers are strongly advised to update to the latest generally available firmware release for the most up-to-date protection against Internet threats. |
Changes to Daylight Savings Time in U.S. supported by all Barracuda Networks products | |
---|---|
Data | 2007-02-09 |
Produtos afetados | All Barracuda Networks Products |
Revisão | A1.0 |
Classificação de riscos | None |
Detalhes | The annual start and end dates for Daylight Savings Time (DST) in the United States will be changing on March 11, 2007, due to the Energy Policy Act of 2005 (USA: Public Law 109-58 / 109th Congress / Section 110). Clocks in the United States will need to "Spring Forward" one hour on the second Sunday in March (three weeks earlier than the previous first Sunday in April), and will "Fall Back" one hour on the first Sunday in November (one week later than the previous last Sunday in October). Support for this change to DST is currently available in all Barracuda Networks products running the following firmware versions:
Any systems that are not already on at least the firmware versions named above should be upgraded as soon as possible to the latest available version. |
Incorrect fingerprint definition delivered with virus definition update 2.0.3936 | |
---|---|
Data | 2007-02-06 |
Produtos afetados | Barracuda Spam Firewall Release 3.4 and higher |
Revisão | A1.0 |
Classificação de riscos | None |
Detalhes | On February 6, 2007 at 8:35 am PST, a virus definition was released that contained an incorrect spam fingerprint definition (virus definition 2.0.3936) to Barracuda Spam Firewalls running firmware release 3.4 and higher. This incorrect definition was removed by 9:15 am PST on the same day with virus definition 2.0.3939. Affected messages were blocked with a reason code of Fingerprint (TXT1). Please note that customers running firmware release 3.4 may see messages initially logged in the user interface with a delivery status of "blocked" that may have been ultimately delivered to end users through a subsequent update. Customers are advised to check for any potential false positives blocked for fingerprint definition TXT1 that were not subsequently delivered to end users. The root cause of this issue was operational in nature. Preventative measures have been implemented into Barracuda Central operations. |
Virus definition 2.03606o delivered to all Barracuda Spam Firewalls | |
---|---|
Data | 2007-02-01 |
Produtos afetados | Barracuda Spam Firewall Release 3.4 and higher |
Revisão | A1.0 |
Classificação de riscos | None |
Detalhes | Barracuda Central maintains two different forms of virus definition files. One form is used specifically for Barracuda Spam Firewalls running firmware release 3.4 and higher. The other form is denoted with a suffix of "o" in the version number and is used for the Barracuda Web Filter, Barracuda IM Firewall, and any Barracuda Spam Firewalls running versions earlier than release 3.4. On February 1, 2007 at 2:07am PST, Barracuda Central published virus definition 2.0.3606o to all Barracuda Spam Firewalls, creating a mismatch for those releases running firmware release 3.4 and higher. Upon detecting an incorrect virus definition file, Barracuda Spam Firewalls in the field immediately invoked a built-in precautionary mechanism to prevent potentially harmful emails from being sent. By 2:38am PST, a new virus definition file 2.0.3607 was issued to remedy this situation. During this period, the Barracuda Spam Firewalls accepted all messages and simply deferred them in a queue until they downloaded a new virus definition automatically. No email was lost as the result of this issue. This event was unrelated to the operational issue described in Technical Alert No. 20070131. |
Incorrect fingerprint definition delivered with virus definition update 2.0.3568 | |
---|---|
Data | 2007-01-31 |
Produtos afetados | Barracuda Spam Firewall Release 3.4 and higher |
Revisão | A1.0 |
Classificação de riscos | None |
Detalhes | On January 31, 2007 at 2:20 pm PST, a virus definition was released that contained an incorrect spam fingerprint definition (virus definition 2.0.3568) to Barracuda Spam Firewalls running firmware release 3.4 and higher. This incorrect definition was removed by 3:15pm PST on the same day with virus definition 2.0.3572. Affected messages were blocked with a reason code of Fingerprint (IMG6370628). Please note that customers running firmware release 3.4 may see messages initially logged in the user interface with a delivery status of "blocked" that may have been ultimately delivered to end users through a subsequent update. Customers are advised to check for any potential false positives blocked for fingerprint definition IMG6370628 that were not subsequently delivered to end users. The root cause of this issue was operational in nature. Preventative measures for this particular issue have already been implemented into Barracuda Central operations. |
Barracuda Web Filter “Proxies” content filter category errors in content filter definition 1.0.387 | |
---|---|
Data | 2007-01-24 |
Produtos afetados | Barracuda Web Filter |
Revisão | A1.0 |
Classificação de riscos | None |
Detalhes | On January 23, 2007 at 8:57pm PST, a content filter definition was released that had errors in the “Proxies” category (content filter definition 1.0.387). With this definition, Barracuda Web Filter policies blocking the “Proxies” content category also blocked certain sites normally categorized under the “Search Engine & Portals” category. By January 24, 2007 at 7:23am PST, a new content filter definition (1.0.389) was published. All Barracuda Web Filter systems in the field with active Energize Updates subscriptions should have been automatically updated with the corrected content filter definition by 10:38am PST the same day. The cause of these errors was an operational error at Barracuda Central, and it has been resolved. Additional quality assurance processes including both human and software checks have been implemented to avoid this problem in the future. |
Barracuda Spam Firewall protects Adobe Reader users against cross-site scripting (XSS) vulnerability | |
---|---|
Data | 2007-01-04 |
Produtos afetados | Barracuda Spam Firewall |
Revisão | A1.0 |
Classificação de riscos | None |
Detalhes | The Barracuda Spam Firewall incorporates rules that protect users from a potentially harmful vulnerability in Adobe Reader. The Adobe Reader vulnerability affects those users who utilize the Adobe Reader plug-in that enables Adobe Acrobat Portable Document Format (PDF) files to be opened from within their Web browsers. To facilitate features such as populating fields in Acrobat forms, the Adobe Reader contains the ability to pass URL parameters in Web links to the Adobe Reader plug-in. However, if scripts are embedded within the URL parameters, an attacker can run code in the user’s Web browser. The exploit can be run against PDF documents posted on reputable Web sites without requiring an attacker to compromise that site in any way. To prevent the proliferation of emails that could exploit this vulnerability, the Barracuda Spam Firewall now incorporates rules that look for URLs referencing PDF files that contain URL parameters. When scored with indicators of scripting, the Barracuda Spam Firewall will automatically block these messages, protecting users from potentially dangerous attacks. All existing Barracuda Spam Firewall customers with active Energize Updates subscriptions are currently protected against this vulnerability. Existing customers running the version 3.0 spam rule definitions should ensure that their version number is at 3.0.30651 or higher. Existing customers running the version 3.1 spam rule definitions should ensure that their version number is 3.1.5316 or higher. Messages blocked by these rules can be identified with the rule name PDF_EXPLOIT in the Barracuda Spam Report Rule Breakdown in the blocked message headers. |
Barracuda Spam Firewall resolved vulnerability associated with use of message encoder/decoder library | |
---|---|
Data | 2006-12-05 |
Produtos afetados | Barracuda Spam Firewall |
Revisão | A1.0 |
Classificação de riscos | None |
Detalhes | To support multiple types of message encoding, the Barracuda Spam Firewall utilizes an underlying encoder/decoder library known commonly as Convert-Uulib. Older versions of this underlying library contained a security vulnerability if called with invalid values. Barracuda Networks credits security researcher Jean-Sébastien Guay-Leroux on his research of this vulnerability and its impact on the Barracuda Spam Firewall running versions earlier than 3.4.09. As part of normal ongoing feature development, Barracuda Networks updated the underlying encoder/decoder library with firmware release 3.4.09 and later. The most current generally available releases of firmware are not subject to this known vulnerability. Moreover, on November 29, 2006, system settings were delivered to all Barracuda Spam Firewalls in the field via Energize Updates to disable the underlying mechanisms behind this known vulnerability. No Barracuda Spam Firewalls with current Energize Updates subscriptions should be subject to the vulnerability identified by Mr. Guay-Leroux. Barracuda Networks recommends that all customers upgrade to the latest generally available release of the firmware. |
Barracuda Spam Firewall disabled vulnerabilities for file disclosure and guest access | |
---|---|
Data | 2006-08-03 |
Produtos afetados | Barracuda Spam Firewall |
Revisão | A1.0 |
Classificação de riscos | None |
Detalhes | Barracuda Networks had been working with a security researcher, Greg Sinclair - security (at) nnlsoftware (dot) com - on two past vulnerabilities related to both file disclosure and guest access. On August 3, 2006, system settings were delivered to all Barracuda Spam Firewalls in the field via Energize Updates to disable the underlying mechanisms behind these vulnerabilities. As such, no Barracuda Spam Firewalls with current Energize Updates subscriptions should be affected by these vulnerabilities. As part of the test rollout, these settings were initially delivered with the upgrade to early release firmware 3.4.05.017 on July 14, 2006. These settings were later successfully delivered with the upgrade to generally available firmware 3.3.03.055 on July 18, 2006. While it is generally recommended that customers upgrade to the latest release, these upgrades are no longer necessary for protection against these specific vulnerabilities identified by Mr. Sinclair. To avoid future vulnerabilities, Barracuda Networks recommends that customers restrict unnecessary external Web access to their Barracuda Spam Firewalls. Barracuda Networks credited Mr. Sinclair with his discovery in the release notes for firmware release 3.4.05.017. |
Barracuda Spam Firewall queued inbound email upon receiving virus update 1.5.144 | |
---|---|
Data | 2006-06-13 |
Produtos afetados | Barracuda Spam Firewall |
Revisão | A1.0 |
Classificação de riscos | None |
Detalhes | On June 13, 2006 at 4:53 AM PDT today, a faulty virus definition was released that had an incomplete virus database (virus definition 1.5.144). To protect our customers in the event such a circumstance occurred, the Barracuda Spam Firewall has a built in precautionary feature which automatically prevents email from being sent through in order to keep potentially infected emails from being delivered. Any Barracuda Spam Firewall in the field that had received virus definition 1.5.144 immediately began to queue all incoming messages until the complete virus database became available. At 7:02 AM PDT, the majority of Barracuda Spam Firewalls automatically received virus definition 1.5.145 containing the complete virus database, and email began to process normally for those customers previously affected. The cause of the incomplete virus definition has been identified and resolved, and additional measures have been put in place to prevent this issue from occuring in the future. |