April 5, 2006
Detoothing a Barracuda
Some people are warning about a security flaw in the popular Barracuda spam firewall. The vulnerability in how Barracudas handle zoo archives potentially could enable a remote attacker to gain control of the firewall program using a buffer overflow exploit. Fortunately, Barracuda has issued a patch to prevent attackers from exploiting this bug -- and potentially turning off the firewall and unleashing a torrent of spam on the unprotected mail servers behind the firewall.
But what's up with all the outbound spam from apparently uncompromised Barracudas? According to the product site, the appliance "prevents spamming" and "includes all the features needed to eliminate your outbound spam." Yet there are numerous reports of spam messages containing the "Scanned: by Barracuda Spam Firewall" header.
Some recent drug spams are apparently coming from webmail providers including Frys.com and some public libraries, such as one in Maryland. There have also been recent 419 scam-spams from a Barracuda-protected mail server run by Liberty USA.
Maybe these are all cases of operator error or Barracudas being misconfigured. The product does have a reputation for some annoying default features, including one known affectionately as backscatter. In any case, makes you wonder whether a bad guy with remote access to a Barracuda could do much additional damage.
Posted by brian at April 5, 2006 7:21 PM
Can we detooth you next Brian?
Posted by: Hombleston at April 12, 2006 1:07 PM