lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 25 Jan 2013 02:30:42 -0800
From: Luca Carettoni <luca.carettoni@...isoft.com>
To: SEC Consult Vulnerability Lab <research@...-consult.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: SEC Consult SA-20130124-0 :: Critical SSH
 Backdoor in multiple Barracuda Networks Products

Not really a new story. Still, it's good it's back.

You may find this interesting
http://blog.nibblesec.org/2013/01/how-to-patch-your-barracuda-virtual.html

Cheers,
Luca


On Thu, 2013-01-24 at 13:00 +0100, SEC Consult Vulnerability Lab wrote:
> SEC Consult Vulnerability Lab Security Advisory < 20130124-0 >
> =======================================================================
>               title: Critical SSH Backdoor in multiple Barracuda Networks
>                      Products
> vulnerable products: Barracuda Spam and Virus Firewall
>                      Barracuda Web Filter
>                      Barracuda Message Archiver
>                      Barracuda Web Application Firewall
>                      Barracuda Link Balancer
>                      Barracuda Load Balancer
>                      Barracuda SSL VPN
>                      (all including their respective virtual "Vx" versions)
>  vulnerable version: all versions < Security Definition 2.0.5
>       fixed version: Security Definition 2.0.5
>              impact: Critical
>            homepage: https://www.barracudanetworks.com/
>               found: 2012-11-20
>                  by: S. Viehböck
>                      SEC Consult Vulnerability Lab
>                      https://www.sec-consult.com
> =======================================================================


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists