Backdoors in Barracuda Appliances (and Anon “warheads”)

Your web or email traffic has likely passed through a Barracuda appliance at one point or another.

As it turns out, they all have great big gaping backdoors. Might as well put hello.jpg as the MOTD.
These were official backdoors, permitting access both from Barracuda IPs and a mysterious set of IPs linked to domains that have no apparent connection to the company. Barracuda has refused to remove the backdoors.

Another one for the “don’t trust anything you don’t understand” file.

Security politics side note:
http://mashable.com/2013/01/26/anonymous-hack-government-website-declares-war/

Not sure what to make of this. It will be interesting to see if the “warheads” contain anything, but hacking a website like that seems unnecessarily illegal and risky.

http://www.net-security.org/secworld.php?id=14297
http://hardware.slashdot.org/story/13/01/24/1618243/barracuda-appliances-have-exploitable-holes-fixed-by-firmware-updates
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130124-0_Barracuda_Appliances_Backdoor_wo_poc_v10.txt


Vulnerable products:
Barracuda Spam and Virus Firewall
Barracuda Web Filter
Barracuda Message Archiver
Barracuda Web Application Firewall
Barracuda Link Balancer
Barracuda Load Balancer
Barracuda SSL VPN
(all including their respective virtual “Vx” versions)

Vulnerability overview/description:
