Full Disclosure mailing list archives
Barracuda Networks Spam & Virus Firewall <= 4.1.1.021 Remote Configuration Retrieval
From: "corpus.defero" <corpus.defero () idnet com>
Date: Fri, 08 Oct 2010 09:54:29 +0100
I can't take the credit for this: http://www.exploit-db.com/exploits/15130/ The Barracuda Spam & Virus Firewall is a hardware device designed to filter out spam from email. Basically a Linux (Mandrake) device running Postfix, Spamassassin, Clam-AV, Apache and AmavisNew. Configuration of the unit is by way of a GUI (Apache derived local website) listening on port 8000. If the owner has this open to the outside world the unit is seriously at risk to remote exploit. If not the exploit is usable locally only. The exploit will allow the entire configuration to be viewed in plain text with no encryption. Potentially this is huge as the database contains usernames/passwords/back end server details/ldap & active directory credentials to name but a few. Because it contains a number of MTA's it can be used as an SMTP proxy to send spam with one simple config change (which I won't detail). Given the purpose of the unit, is somewhat ironic. This may have been fixed in newer firmwares, but there are a ton of these units out there without the ability to update because of lapsed subscriptions and Barracuda's unwillingness to allow second hand units to be upgraded. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Barracuda Networks Spam & Virus Firewall <= 4.1.1.021 Remote Configuration Retrieval corpus.defero (Oct 08)
- Re: Barracuda Networks Spam & Virus Firewall <= 4.1.1.021 Remote Configuration Retrieval advisories () zataz com (Oct 10)
- Re: Barracuda Networks Spam & Virus Firewall <= 4.1.1.021 Remote Configuration Retrieval Eric Romang (Oct 11)