Barracuda Networks confirms exploitable backdoors in its appliances
Posted on 24 January 2013.
Barracuda Networks has released firmware updates that remove SSH backdoors in a number of its products and resolve a vulnerability in Barracuda SSL VPN that allows attackers to bypass access restrictions to download potentially insecure files, set new admin passwords, or even shut down the device.

The backdoor accounts are present in all available versions of Barracuda Spam and Virus Firewall, Web Filter, Message Archiver, Web Application Firewall, Link Balancer, Load Balancer, and SSL VPN appliances.

"Our research has confirmed that an attacker with specific internal knowledge of the Barracuda appliances may be able to remotely log into a non-privileged account on the appliance from a small set of IP addresses. The vulnerabilities are the result of the default firewall configuration and default user accounts on the unit," Barracuda explained via a tech alert published on Wednesday.

They advise customers using any of the aforementioned devices to update their security definitions to v2.0.5 immediately.

Still, according to Stefan Viehbock, the SEC Consult Vulnerability Lab researcher who discovered the vulnerabilities back in December 2012, the patch hasn't addressed the issue that allows servers run by Barracuda Networks, as well as servers from other, unaffiliated entities, to access SSH on all affected Barracuda Networks appliances exposed to the Internet.

If any of these servers gets compromised, an attack against all affected Barracuda Networks appliances on the web is possible, so he offered a workaround for the problem in the security advisory he released about this issue.

Updating security definitions to v2.0.5 also resolves the authentication bypass vulnerability that affects the most recent version of Barracuda SSL VPN (v2.2.2.203). It can be misused to gain unauthenticated access to the device and disable access restrictions for the "API" functionality, allowing the attacker to do serious damage by downloading databases and configuration files, changing admin passwords and more.

