Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2014.0085 A vulnerability has been reported in Barracuda Spam and Virus Firewall v6.0.2 and earlier 23 July 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Barracuda Spam and Virus Firewall Operating System: Network Appliance Impact/Access: Cross-site Scripting -- Existing Account Resolution: Patch/Upgrade Member content until: Friday, August 22 2014 OVERVIEW A vulnerability has been reported in Barracuda Spam and Virus Firewall v6.0.2 and earlier. [1] IMPACT Barracuda has provided the following details regarding these issues: "The product version listed above contain an unresolved non persistent XSS vulnerability. To trigger this attack an attacker must authenticate as an administrative user prior to delivering the attack. The attack provides no privilege escalation." [1] MITIGATION The vendor recommends upgrading to the latest version of the affected product. REFERENCES [1] BNSEC-01176: Authenticated non-persistent XSS in Barracuda Spam and Virus Firewall v6.0.2 https://www.barracuda.com/support/knowledgebase/501600000013gvh AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBU884KBLndAQH1ShLAQJ52w/+JJtps5VBLhJTZZ0D6bnjHWhz3IVIIUdp W9lh1/1qZks3vo9pC+F30ZOSGJHPp3L/Y+61AI+ardctK6IfUy/Jz1OVI1w/Rfbx p9uA2Jn/Q5riLwog9+7oe8lTZ8TBhasB89+/eiXvjGjFGXSV/fnFxyec7F6PYCP+ rXwHDFjW065Fngw4NZ+ZFWWeoxguJB4wjMuQYeO807F9aunYzPKaS/CjDmSwd54z eiYu2bOCujzdBO0n8RIAmlp6KeOiSwBaxa+XRnsYLLiIHnAJphftMW4VDhAjAdG5 CAVE6fzXfnIcThemJi26f1m9ViESFNMgNQB9qEL/lrER5jPrOdAbtsO6FShTBGn0 2EKbWiqB0pilajq/te9FCgLeKoXoJLJH51URbCNTDgQB2SUdwmlB+FHZyu5MB78z Vum92OhmonQKFz6k/kuQl1gXW+CgU6ZtbhN9abtQQepyX/S+yMlx6NXiJkmbu3qL v0yZYzEYMviNAg8+TSolfRVJwY7l2Ebu2VGneC2+GYSnth9e5sVXcKSaXq0VsO7U fCtwa0UDGhMiQatFTcI0CHXb/rfCjTsIXkuD3i7sxChbHz3NwnoKs9DP8AH+CBXW BAJSXuILzHRO/RxxruAHK/nlZpo5Y2PY+wZG0Y4LIAmOgMjFxKp2iO634qRUxdjw KPIropTsnQw= =5iHw -----END PGP SIGNATURE-----