funsec mailing list archives
Barracuda Spam Firewall Open to Attack for 20 Months?
From: "Fergie" <fergdawg () netzero net>
Date: Thu, 7 Dec 2006 04:24:28 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Via heise Security. [snip] The Barracuda Spam Firewall has been open to attacks for 20 months, according to an analysis by security specialist Jean-Sébastien Guay-Leroux. It is even possible for an attacker to open a shell on the firewall via the internet. The firewall promises protection from spam, viruses, spoofing, phishing, spyware and DoS attacks. To do so it uses libraries, including the Convert-UUlib Perl library that provides an interface to uulib libraries, in order to be able to access different types of coded data. A buffer overflow in Convert-UUlib was discovered in April 2005 which could be exploited to infiltrate and execute malicious code via crafted BinHex files. Barracuda Networks apparently failed to notice this problem, with the result that the bug in their product was not fixed. [snip] More: http://www.heise-security.co.uk/news/82149/ - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.1 (Build 1557) wj8DBQFFd5d2q1pz9mNUZTMRAsb1AJ9t0SrH11jcscPfTAUDMfWAkn5MUQCfc1Ox s4kypcZglxIVqfAvRBPpOHg= =th9n -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Barracuda Spam Firewall Open to Attack for 20 Months? Fergie (Dec 06)