Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2014.0085
A vulnerability has been reported in Barracuda Spam and
Virus Firewall v6.0.2 and earlier
23 July 2014
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Barracuda Spam and Virus Firewall
Operating System: Network Appliance
Impact/Access: Cross-site Scripting -- Existing Account
Resolution: Patch/Upgrade
Member content until: Friday, August 22 2014
OVERVIEW
A vulnerability has been reported in Barracuda Spam and Virus
Firewall v6.0.2 and earlier. [1]
IMPACT
Barracuda has provided the following details regarding these issues:
"The product version listed above contain an unresolved non
persistent XSS vulnerability. To trigger this attack an attacker
must authenticate as an administrative user prior to delivering the
attack. The attack provides no privilege escalation." [1]
MITIGATION
The vendor recommends upgrading to the latest version of the
affected product.
REFERENCES
[1] BNSEC-01176: Authenticated non-persistent XSS in Barracuda Spam and
Virus Firewall v6.0.2
https://www.barracuda.com/support/knowledgebase/501600000013gvh
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBU884KBLndAQH1ShLAQJ52w/+JJtps5VBLhJTZZ0D6bnjHWhz3IVIIUdp
W9lh1/1qZks3vo9pC+F30ZOSGJHPp3L/Y+61AI+ardctK6IfUy/Jz1OVI1w/Rfbx
p9uA2Jn/Q5riLwog9+7oe8lTZ8TBhasB89+/eiXvjGjFGXSV/fnFxyec7F6PYCP+
rXwHDFjW065Fngw4NZ+ZFWWeoxguJB4wjMuQYeO807F9aunYzPKaS/CjDmSwd54z
eiYu2bOCujzdBO0n8RIAmlp6KeOiSwBaxa+XRnsYLLiIHnAJphftMW4VDhAjAdG5
CAVE6fzXfnIcThemJi26f1m9ViESFNMgNQB9qEL/lrER5jPrOdAbtsO6FShTBGn0
2EKbWiqB0pilajq/te9FCgLeKoXoJLJH51URbCNTDgQB2SUdwmlB+FHZyu5MB78z
Vum92OhmonQKFz6k/kuQl1gXW+CgU6ZtbhN9abtQQepyX/S+yMlx6NXiJkmbu3qL
v0yZYzEYMviNAg8+TSolfRVJwY7l2Ebu2VGneC2+GYSnth9e5sVXcKSaXq0VsO7U
fCtwa0UDGhMiQatFTcI0CHXb/rfCjTsIXkuD3i7sxChbHz3NwnoKs9DP8AH+CBXW
BAJSXuILzHRO/RxxruAHK/nlZpo5Y2PY+wZG0Y4LIAmOgMjFxKp2iO634qRUxdjw
KPIropTsnQw=
=5iHw
-----END PGP SIGNATURE-----