lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <1359109842.2986.7.camel@muller> Date: Fri, 25 Jan 2013 02:30:42 -0800 From: Luca Carettoni <luca.carettoni@...isoft.com> To: SEC Consult Vulnerability Lab <research@...-consult.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: SEC Consult SA-20130124-0 :: Critical SSH Backdoor in multiple Barracuda Networks Products Not really a new story. Still, it's good it's back. You may find this interesting http://blog.nibblesec.org/2013/01/how-to-patch-your-barracuda-virtual.html Cheers, Luca On Thu, 2013-01-24 at 13:00 +0100, SEC Consult Vulnerability Lab wrote: > SEC Consult Vulnerability Lab Security Advisory < 20130124-0 > > ======================================================================= > title: Critical SSH Backdoor in multiple Barracuda Networks > Products > vulnerable products: Barracuda Spam and Virus Firewall > Barracuda Web Filter > Barracuda Message Archiver > Barracuda Web Application Firewall > Barracuda Link Balancer > Barracuda Load Balancer > Barracuda SSL VPN > (all including their respective virtual "Vx" versions) > vulnerable version: all versions < Security Definition 2.0.5 > fixed version: Security Definition 2.0.5 > impact: Critical > homepage: https://www.barracudanetworks.com/ > found: 2012-11-20 > by: S. Viehböck > SEC Consult Vulnerability Lab > https://www.sec-consult.com > ======================================================================= _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists