Vissza a www.andrews.hu-ra

    [guru] Barracuda biztonsagi frissitesek

    DATE: Mon, 26 Jan 2009 22:13:44 +0100 
    A Barracuda Networks Spam Firewall több SQL injection hibát is tartalmaz.

A Barracuda Networks Message Archiver terméke több XSS hibát is tartalmaz,
van közöttük azonnali, valamint tárolt adaton át ható verzió is.
    --- Begin Message --- 
    CVE Number: CVE-2008-1094
Vulnerability: SQL Injection 
Risk: Medium
Attack vector: From Remote

Vulnerability Discovered: 16th June 2008
Vendor Notified: 16th June 2008
Advisory Released: 15th	December 2008


Abstract

Barracuda Networks Spam Firewall is vulnerable to various SQL Injection attacks. When exploited by an authenticated user, the identified vulnerability can lead to Denial of Service, Database Information Disclosure, etc.


Description

The index.cgi resource was identified as being susceptible to SQL Injection attacks. 
When filtering user accounts in Users->Account View section, the pattern_x parameter (where x = 0..n) allows inserting arbitrary SQL code once filter_x parameter is set to search_count_equals? value.

/cgi-bin/index.cgi?&user=&password=&et=&auth_type=Local&locale=en_US&realm=&primary_tab=USERS&secondary_tab=
per_user_account_view&boolean_0=boolean_and&filter_0=search_count_equals&pattern_0=if(database() like concat(char(99),char(37)),5,0)

An attacker can exploit this vulnerability by injecting arbitrary SQL code to be executed as part of the SQL query.


Original Advisory:

http://dcsl.ul.ie/advisories/02.htm


Barracuda Networks Technical Alert

http://www.barracudanetworks.com/ns/support/tech_alert.php


Affected Versions

Barracuda Spam Firewall (Firmware v3.5.11.020, Model 600)

Other products/versions might be affected.


Mitigation

Vendor recommends to the following firmware version

Barracuda Spam Firewall (Firmware v3.5.12.001)

Alternatively, please contact Barracuda Networks for technical support.


Credits

Dr. Marian Ventuneac, marian.ventuneac@ul.ie
Data Communication Security Laboratory, Department of Electronic & Computer Engineering, University of Limerick


Disclaimer

Data Communication Security Laboratory releases this information with the vendor acceptance. DCSL is not responsible for any malicious application of the information presented in this advisory.

    --- End Message ---
    --- Begin Message --- 
    
CVE Numbers: CVE-2008-0971

Vulnerabilities: Multiple Cross-Site Scripting (Persistent & Reflected)

Risk: Medium

Attack vector: From Remote



Vulnerabilities Discovered: 16th June 2008

Vendor Notified: 16th June 2008

Advisory Released: 15th	December 2008





Abstract



Barracuda Networks Message Archiver product is vulnerable to persistent and reflected Cross-Site Scripting (XSS) attacks. Barracuda Spam Firewall, IM Firewall and Web Filter products are vulnerable to multiple reflected XSS attacks. When exploited by an authenticated user, the identified vulnerabilities can lead to Information Disclosure, Session Hijack, 

access to Intranet available servers, etc.





Description



The index.cgi resource was identified as being susceptible to multiple persistent and reflected Cross Site Scripting (XSS) 

attacks. 



a. Persistent XSS in Barracuda Message Archiver 



In Search Based Retention Policy, the Policy Name field allows persistent XSS when set to something like policy_name" onblur="alert('xss')



b. Reflected XSS in Barracuda Message Archiver 



Setting various parameters in IP Configuration, Administration, Journal Accounts, Retention Policy, and GroupWise Sync allow 

reflected XSS attacks.



c. Reflected XSS in Barracuda Spam Firewall, IM Firewall and Web Filter



  ·  User provided input is not sanitised when displayed as part of error messages - identified in all verified products.

  ·  User provided input is not sanitised when used to perform various searches - identified in Barracuda Web Filter.

  ·  Manipulation of HTML INPUT hidden elements - identified in all verified products.

  e.g auth_type INPUT hidden element allows a reflected XSS attack when set to something like 

 Local"><script>alert('xss')</script>





Original Advisory:



http://dcsl.ul.ie/advisories/03.htm





Barracuda Networks Technical Alert



http://www.barracudanetworks.com/ns/support/tech_alert.php





Affected Versions



Barracuda Message Archiver (Firmware v1.1.0.010, Model 350)

Barracuda Spam Firewall (Firmware v3.5.11.020, Model 600)

Barracuda Web Filter (Firmware v3.3.0.038, Model 910)

Barracuda IM Firewall (Firmware v3.0.01.008, Model 420)



Other models/firmware versions might be affected.





Mitigation



Vendor recommends upgrading to the following firmware version:



Barracuda Message Archiver Release 1.2.1.002 (2008-07-22)

Barracuda Spam Firewall Release 3.5.12.007 (2008-10-24)

Barracuda Web Filter Release 3.3.0.052 (2008-08-04)

Barracuda IM Firewall Release 3.1.01.017 (2008-07-02)

Barracuda Load Balancer Release 2.3.024 (2008-10-20)



Alternatively, please contact Barracuda Networks for technical support.





Credits



Dr. Marian Ventuneac, marian.ventuneac@ul.ie

Data Communication Security Laboratory, Department of Electronic & Computer Engineering, University of Limerick





Disclaimer



Data Communication Security Laboratory releases this information with the vendor acceptance. DCSL is not responsible for any malicious application of the information presented in this advisory.

    --- End Message ---

    Vissza a www.andrews.hu-ra