Softpedia – (International) Experts find filter bypass vulnerabilities in Barracuda appliances. Security researchers from Vulnerability Lab identified a serious security hole that could affect a number of companies that rely on Barracuda products. They discovered a high severity validation filter and exception handling bypass vulnerability in Barracuda’s appliances. According to the experts, the input filter designed to block out persistent input attacks is flawed, exposing all security appliances. The vulnerable modules — Account MyResource Display and File Upload — persistently execute the saved URL path (which can be a malicious code). The researchers said the flaw can be fixed by parsing the second input request of the “file upload” function and the path URL request. To demonstrate their findings, the experts published a proof-of-concept video that shows how the input filter in Barracuda SSL VPN can be bypassed by a local attacker to execute code persistently. Barracuda Networks was notified of the issues sometime in May, but so far it is uncertain when a patch will be made available.
Ali Loney, on July 16, 2012