funsec mailing list archives

Barracuda Spam Firewall Open to Attack for 20 Months?


From: "Fergie" <fergdawg () netzero net>
Date: Thu, 7 Dec 2006 04:24:28 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via heise Security.

[snip]

The Barracuda Spam Firewall has been open to attacks for 20 months,
according to an analysis by security specialist Jean-Sébastien
Guay-Leroux. It is even possible for an attacker to open a shell on the
firewall via the internet.

The firewall promises protection from spam, viruses, spoofing, phishing,
spyware and DoS attacks. To do so it uses libraries, including the
Convert-UUlib Perl library that provides an interface to uulib libraries,
in order to be able to access different types of coded data. A buffer
overflow in Convert-UUlib was discovered in April 2005 which could be
exploited to infiltrate and execute malicious code via crafted BinHex
files. Barracuda Networks apparently failed to notice this problem, with
the result that the bug in their product was not fixed.

[snip]

More:
http://www.heise-security.co.uk/news/82149/

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.1 (Build 1557)

wj8DBQFFd5d2q1pz9mNUZTMRAsb1AJ9t0SrH11jcscPfTAUDMfWAkn5MUQCfc1Ox
s4kypcZglxIVqfAvRBPpOHg=
=th9n
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

