===========================================================================
AUSCERT Security Bulletin

ASB-2015.0045
Two vulnerabilities in Barracuda Web Filter addressed by firmware update
5 May 2015

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Barracuda Web Filter
Operating System:     Network Appliance
Impact/Access:        Provide Misleading Information -- Remote/Unauthenticated
                      Read-only Data Access          -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2015-0962 CVE-2015-0961
Member content until: Thursday, June 4 2015

OVERVIEW

Two vulnerabilities have been reported in Barracuda Web Filter prior to
version 8.1.0.005. [1]

IMPACT

Barracuda has provided the following details regarding the
vulnerabilities:

"CVE-2015-0961: prior to version 8.1.0.005, the Barracuda Web Firewall
fails to check the validity of upstream certificates when SSL inspection
is enabled. Upgrading to version 8.1.0.005 resolves this issue and no
other action is required.

CVE-2015-0962: versions 7.0 through 8.1.003 ship with a set of default
root CA certificates that are common across appliances." [1]

MITIGATION

Barracuda recommends that users upgrade to the latest generally available
firmware release to correct these issues. Barracuda also advises users to
turn on and update security definitions. [1]

REFERENCES

[1] Barracuda Web Filter, SSL Inspection, CVE-2015-0961 and CVE-2015-0962
    https://www.barracuda.com/support/techalerts

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation.
The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies
and procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================