lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 10 Feb 2005 11:27:58 -0500
From: Sean Sosik-Hamor <ssh@....com>
To: bugtraq@...urityfocus.com
Subject: Barracuda Spam Firewall <= 3.1.10 acts as open relay for whitelisted senders.


Description (www.barracudanetworks.com):
The Barracuda Spam Firewall is an integrated hardware and software 
solution for complete protection of your e-mail server. It provides a 
powerful, easy to use, and affordable solution to eliminate spam and 
viruses from your organization.

Synopsis:
Under normal circumstances, the Barracuda Spam Firewall only relays 
traffic for domains it is configured for. If a sender's domain or the 
Barracuda's own domain is whitelisted, however, all rules are bypassed 
and the Barracuda becomes an open relay for all e-mail sent from the 
whitelisted domain. This is unacceptable behavior, and whitelisted 
senders should only be able to send e-mail to domains for which the 
Barracuda is configured to relay.

Effected Versions:
<= Firmware 3.1.10 Open Relay for Whitelisted Domains
 >= Firmware 3.1.11 Fixed (Firmware 3.1.12 Released 02/09/2005)

Notes:
Although I found this bug last week while evaluating the Barracuda Spam 
Firewall Model 200 (Firmware 3.1.10), a quick search of Barracuda 
Networks' forums revealed other customers had complained about the same 
problem.

http://forum.barracudanetworks.com/bb/viewtopic.php?t=1545
http://forum.barracudanetworks.com/bb/viewtopic.php?t=1627
http://forum.barracudanetworks.com/bb/viewtopic.php?t=1535

Vendor Response via E-mail (02/08/2005):
The initial vendor response was misleading and inferred that the 
Barracuda will only become an open relay if you whitelist your own 
domain.

Under the Block/Accept -> Sender Domain Block/Accept tab, if you do not
whitelist your own domains, you do not have to worry about the relaying
issue. Open relaying means people telnet to the Barracuda on port 25,
use "mail from: anybody@...per.com" and then "rcpt to" somewhere else on
the Internet. Your Barracuda is rejecting these activities and returns
"Recipient address rejected: No such domain at this location" when the
"rcpt to" domain is not one of the "Allowed Recipient Domains."

Your test below was successful because it is the same way that mails are
sent into your network.

Vendor Response via E-mail (02/09/2005):
The second vendor response verified my findings and confirmed a fix 
would be available.

Basically anything in that causes the the email to be white listed will
bypass the scanning engine.
This is going to cause the barracuda to be a open relay, this issue is
fixed on the next release of the firmware.
The new firmware should be released by next week.

Release Notes (3.1.11):
Fix: Whitelisted senders no longer have the potential to use the 
Barracuda as a relay. Messages are rejected before acceptance instead 
of afterwards if destined for a domain not listed on the system.

/Sean/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ