The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Monday, April 10, 2006

Barracuda Spam Firewall Remote Compromise

This came in a few days ago: a way was discovered to break into a Barracuda Spam Firewall (another black-box spam filter product). The exploit involves building a specially-crafted ZOO* archive and mailing it to any system inside the firewall. When the Barracuda Spam Firewall sees the ZOO archive, it will open it to search for viruses. The ZOO archive contains long filenames which then perform a classic exploit of a buffer overflow bug.

The advisory does not say that the exploit has actually been seen in the wild, but a proof of concept test has been constructed.

Owners of this firewall should upgrade to firmware #3.3.03.022.

For more information, see the advisory or It Observer article Barracuda Spam Firewall Remote Compromise.

0 Comments:

Post a Comment

<< Home