exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Barracuduh.txt

Barracuduh.txt
Posted Feb 23, 2005
Authored by Sean Sosik-Hamor

The Barracuda Spam Firewall versions 3.1.10 and below act as open relay for whitelisted senders.

tags | advisory
SHA-256 | cf42bc7d87a550c9c438e020da00db81db4472a15eecd4aea3d33d06bef75c51

Barracuduh.txt

Change Mirror Download
Description (www.barracudanetworks.com):
The Barracuda Spam Firewall is an integrated hardware and software
solution for complete protection of your e-mail server. It provides a
powerful, easy to use, and affordable solution to eliminate spam and
viruses from your organization.

Synopsis:
Under normal circumstances, the Barracuda Spam Firewall only relays
traffic for domains it is configured for. If a sender's domain or the
Barracuda's own domain is whitelisted, however, all rules are bypassed
and the Barracuda becomes an open relay for all e-mail sent from the
whitelisted domain. This is unacceptable behavior, and whitelisted
senders should only be able to send e-mail to domains for which the
Barracuda is configured to relay.

Effected Versions:
<= Firmware 3.1.10 Open Relay for Whitelisted Domains
>= Firmware 3.1.11 Fixed (Firmware 3.1.12 Released 02/09/2005)

Notes:
Although I found this bug last week while evaluating the Barracuda Spam
Firewall Model 200 (Firmware 3.1.10), a quick search of Barracuda
Networks' forums revealed other customers had complained about the same
problem.

http://forum.barracudanetworks.com/bb/viewtopic.php?t=1545
http://forum.barracudanetworks.com/bb/viewtopic.php?t=1627
http://forum.barracudanetworks.com/bb/viewtopic.php?t=1535

Vendor Response via E-mail (02/08/2005):
The initial vendor response was misleading and inferred that the
Barracuda will only become an open relay if you whitelist your own
domain.

Under the Block/Accept -> Sender Domain Block/Accept tab, if you do not
whitelist your own domains, you do not have to worry about the relaying
issue. Open relaying means people telnet to the Barracuda on port 25,
use "mail from: anybody@pepper.com" and then "rcpt to" somewhere else on
the Internet. Your Barracuda is rejecting these activities and returns
"Recipient address rejected: No such domain at this location" when the
"rcpt to" domain is not one of the "Allowed Recipient Domains."

Your test below was successful because it is the same way that mails are
sent into your network.

Vendor Response via E-mail (02/09/2005):
The second vendor response verified my findings and confirmed a fix
would be available.

Basically anything in that causes the the email to be white listed will
bypass the scanning engine.
This is going to cause the barracuda to be a open relay, this issue is
fixed on the next release of the firmware.
The new firmware should be released by next week.

Release Notes (3.1.11):
Fix: Whitelisted senders no longer have the potential to use the
Barracuda as a relay. Messages are rejected before acceptance instead
of afterwards if destined for a domain not listed on the system.

/Sean/

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close