Barracuda Email Security Gateways bitten by data thieves

A critical remote command injection vulnerability in some Barracuda Network devices that the vendor patched 11 days ago has been exploited by miscreants – for at least the past seven months. Barracuda said it discovered the bug, tracked as CVE-2023-2868, in its Email Security Gateway (ESG) appliance on May 19 and pushed a …

  1. Paul Crawford Silver badge
    Trollface

    Gee, it is like you add "Security" to a product's name and it gets hacked in under a month.

    1. ecofeco Silver badge

      LOL! I was about to say something of the sort.

      Security? What security?

  2. VoiceOfTruth Silver badge

    Well

    -> No other Barracuda products are affected, according to the security vendor.

    Maybe Barracuda doesn't know that for sure. Maybe other Barracuda products are not affected by this exact security hole, but others which have not yet come to light?

  3. Anonymous Coward

    Barracuda's response here (UK) was to simply withdraw "Barracuda Email Security Gateway" from the AWS marketplace, so no effort for them to fix that one.

    1. graeme leggett Silver badge

      Is that because the cloudy offering was renamed to "Email Gateway Defense" some time ago?

  4. elregidente

    Their VPN on Linux appears to be harmful, too

    This from Reddit;

    > Barracuda VPN appears to permanently and silently change resolv.conf

    https://www.reddit.com/r/sysadmin/comments/vs4w2b/barracuda_vpn_appears_to_permanently_and_silently/

    "A few months after this, I stumbled across the fact that my resolv.conf had been altered, to that given below, and not reverted by uninstallation..."

    1. OhForF' Silver badge

      barracuda vpn in linux and /etc/resolv.conf

      When connecting to the company network it is actually a wanted functionality that the VPN client modifies /etc/resolv.conf to allow using the company internal name server to resolve the internal host names to IP addresses that can be reached inside the tunnel, and this only happens if it is configured on the VPN server side.

      In my experience the client does undo those changes as soon as the VPN connection is closed down - however it doesn't work properly if the connection is not closed gracefully.

      Typical issues are that you use a WLAN and start the VPN client and then lose contact with your wireless access point before closing down the VPN. You end up with improper entries in /etc/resolv.conf but network manager is as much to blame as the Barracuda client - those two don't work nicely with each other as they are unaware anyone else might modify the file.

      It is an annoying issue but neither nefarious nor really security relevant so I would not label it "harmful".

  5. t245t
    Linux

    The vulnerability stems from incomplete input validation of a user-supplied .tar file

    "The vulnerability stems from incomplete input validation of a user-supplied .tar file"

    Why wasn't this picked up when they hacked their own email security gateway?

    "Barracuda Email Protection provides the most comprehensive protection against .. spam and ransomware .. spear phishing, business email compromise, and account takeover."

    Why not disable execution by opening an email attachment?
