Detoothing a Barracuda

By | April 6, 2006

Some people are warning about a security flaw in the popular Barracuda spam firewall. The vulnerability in how Barracudas handle zoo archives potentially could enable a remote attacker to gain control of the firewall program using a buffer overflow exploit.

Fortunately, Barracuda has issued a patch to prevent attackers from exploiting this bug — and potentially turning off the firewall and unleashing a torrent of spam on the unprotected mail servers behind the firewall.

But what´s up with all the outbound spam from apparently uncompromised Barracudas? According to the product site, the appliance “prevents spamming” and “includes all the features needed to eliminate your outbound spam.” Yet there are numerous reports of spam messages containing the “Scanned: by Barracuda Spam Firewall” header.Read Full Story

Leave a Reply