Gee, it is like you add "Security" to a product's name and it gets hacked in under a month.
Barracuda Email Security Gateways bitten by data thieves
A critical remote command injection vulnerability in some Barracuda Network devices that the vendor patched 11 days ago has been exploited by miscreants – for at least the past seven months. Barracuda said it discovered the bug, tracked as CVE-2023-2868, in its Email Security Gateway (ESG) appliance on May 19 and pushed a …
COMMENTS
-
Thursday 1st June 2023 10:31 GMT elregidente
Their VPN on Linux appears to be harmful, too
This from Reddit:
> Barracuda VPN appears to permanently and silently change resolv.conf
https://www.reddit.com/r/sysadmin/comments/vs4w2b/barracuda_vpn_appears_to_permanently_and_silently/
"A few months after this, I stumbled across the fact that my resolv.conf had been altered, to that given below, and not reverted by uninstallation..."
-
Thursday 1st June 2023 20:58 GMT OhForF'
barracuda vpn in linux and /etc/resolv.conf
When connecting to the company network, it is actually a wanted functionality that the VPN client modifies /etc/resolv.conf to allow using the company internal name server to resolve the internal host names to IP addresses that can be reached inside the tunnel, and this only happens if it is configured on the VPN server side.
In my experience the client does undo those changes as soon as the vpn connection is closed down - however it doesn't work properly if the connection is not closed gracefully.
Typical issues are that you use a WLAN and start the VPN client and then lose contact with your wireless access point before closing down the VPN. You end up with improper entries in /etc/resolv.conf, but Network Manager is as much to blame as the Barracuda client - those two don't work nicely with each other as they are unaware anyone else might modify the file.
It is an annoying issue but neither nefarious nor really security relevant, so I would not label it "harmful".
-
Thursday 1st June 2023 20:02 GMT Anonymous Coward
The vulnerability stems from incomplete input validation of a user-supplied .tar file
"The vulnerability stems from incomplete input validation of a user-supplied .tar file"
Why wasn't this picked up when they hacked their own email security gateway?
"Barracuda Email Protection provides the most comprehensive protection against .. spam and ransomware .. spear phishing, business email compromise, and account takeover."
Why not disable execution by opening an email attachment?
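
Added example, not from the article, the commenters or Barracuda: a pre-processing check for the input-validation failure quoted in the comment above, assuming the unvalidated input is the names of the files inside the archive (which is how the CVE-2023-2868 description characterises it). The allowlist, function names and sample archive are constructed for illustration.

```python
import io
import re
import tarfile

# Allowlist (an assumption for this example): letters, digits, dot,
# underscore and hyphen, with "/" only as a separator between components.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+(/[A-Za-z0-9._-]+)*")


def unsafe_members(tar_bytes):
    """Return (name, reason) for every archive member that fails validation."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:  # reads headers only, extracts nothing
            name = member.name
            if not SAFE_NAME.fullmatch(name):
                # Catches shell metacharacters, spaces, absolute paths, etc.
                findings.append((name, "characters outside allowlist"))
            elif ".." in name.split("/"):
                findings.append((name, "path traversal component"))
            elif not (member.isfile() or member.isdir()):
                # Links and device nodes have no place in a mail attachment.
                findings.append((name, "not a regular file or directory"))
    return findings


def build_sample(names):
    """Constructed sample input: an in-memory tar of empty regular files."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            tar.addfile(tarfile.TarInfo(name))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample(
        ["report.pdf", "docs/notes.txt", "a`echo x`.txt", "../etc/passwd"]
    )
    for name, reason in unsafe_members(sample):
        print(f"REJECT {name!r}: {reason}")
```

Rejecting the archive on any finding, and never interpolating member names into a shell command line, are the two halves of the mitigation; the check alone does not make a later shell call safe.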