[CS-FSLUG] Backdoor accounts found in networking and security appliances from Barracuda Networks

Fred A. Miller fmiller at lightlink.com
Wed Jan 30 20:23:08 CST 2013


http://www.networkworld.com/news/2013/012413-backdoor-accounts-found-in-networking-266125.html

IDG News Service - A variety of networking and security
appliances from Barracuda Networks contain backdoor accounts
that could allow attackers to log in remotely over SSH
(Secure Shell) and gain administrative, or root, access on
the devices.

The backdoor accounts were discovered by security
researchers from Austria-based security firm SEC Consult.
These accounts are not documented, they cannot be removed
and can be accessed over SSH, they said in a security
advisory published Thursday.

Furthermore, the appliances are configured by default to
accept SSH connections from certain ranges of public IP
addresses. Some servers located in those IP ranges are owned
by Barracuda Networks, but others are owned by third-party
organizations and individuals.

An attacker who compromises any server from the whitelisted
IP ranges can gain administrative rights on Barracuda
Networks appliances connected to the Internet by using the
backdoor accounts, the SEC Consult researchers warned.

For example, one particular backdoor account called
"product" can be used to log into a Barracuda appliance,
access its MySQL database without a password and add new
administrative users to the device's configuration, the
researchers said. On the Barracuda SSL VPN
appliance it was also possible to enable diagnostic or
debugging functionality which could be used to gain root
access, they said.

Barracuda Networks acknowledged the problem on Wednesday and
advised customers to update the Security Definitions on
their devices to version 2.0.5 immediately.

"Our research has confirmed that an attacker with specific
internal knowledge of the Barracuda appliances may be able
to remotely log into a non-privileged account on the
appliance from a small set of IP addresses," the company
said in an advisory on its website.

According to the company, all appliances with the exception
of the Barracuda Backup Server, Barracuda Firewall, and
Barracuda NG Firewall are potentially affected. This
includes: Barracuda Spam and Virus Firewall, Barracuda Web
Filter, Barracuda Message Archiver, Barracuda Web
Application Firewall, Barracuda Link Balancer, Barracuda
Load Balancer, Barracuda SSL VPN.

The company noted that the security definitions update
"drastically minimizes potential attack vectors," but
advised customers who want to disable the remote support
access functionality completely to contact its technical
support department.

-- 
Congress have no power to disarm the militia. Their swords, and
every other terrible implement of the soldier, are the birth-right
of an American... [T]he unlimited power of the sword is not in the
hands of either the federal or state governments, but, where I trust
in God it will ever remain, in the hands of the people. - Tench Coxe, 1788
