Barracuda Networks Spam & Virus Firewall <= 4.1.1.021 Remote Configuration Retrieval

["corpus.defero" <corpus.defero () idnet com>]

I can't take the credit for this:

http://www.exploit-db.com/exploits/15130/

The Barracuda Spam & Virus Firewall is a hardware device designed to
filter out spam from email. Basically a Linux (Mandrake) device running
Postfix, Spamassassin, Clam-AV, Apache and AmavisNew. Configuration of
the unit is by way of a GUI (Apache derived local website) listening on
port 8000. If the owner has this open to the outside world the unit is
seriously at risk to remote exploit. If not the exploit is usable
locally only.

The exploit will allow the entire configuration to be viewed in plain
text with no encryption. Potentially this is huge as the database
contains usernames/passwords/back end server details/ldap & active
directory credentials to name but a few. Because it contains a number of
MTA's it can be used as an SMTP proxy to send spam with one simple
config change (which I won't detail). Given the purpose of the unit, is
somewhat ironic.

This may have been fixed in newer firmwares, but there are a ton of
these units out there without the ability to update because of lapsed
subscriptions and Barracuda's unwillingness to allow second hand units
to be upgraded.







_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/