===========================================================================
AUSCERT Security Bulletin

ASB-2014.0080
A vulnerability has been reported in Barracuda Message Archiver v3.2
21 July 2014

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Barracuda Message Archiver
Operating System:     Network Appliance
Impact/Access:        Cross-site Scripting -- Existing Account
Resolution:           Patch/Upgrade
Member content until: Wednesday, August 20 2014

OVERVIEW

        A vulnerability has been reported in Barracuda Message Archiver
        v3.2. [1]

IMPACT

        Barracuda has provided the following details regarding these
        issues:

        "Barracuda message Archiver is vulnerable to an authenticated
        persistent XSS in the versions listed above. The vulnerability
        allows remote attackers to inject persistent malicious script via
        the web interface of the device. The attacker must have partial
        admin privileges in order to execute the attack. In practice this
        vulnerability may be viably exploitable." [1]

MITIGATION

        The vendor recommends upgrading to the latest version of the
        affected product.

REFERENCES

        [1] BNSEC-00703: Remote authenticated persistent XSS in Barracuda
            Message Archiver v3.2
            https://www.barracuda.com/support/knowledgebase/501600000013lXe

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================