Filter Bypass Hole in Barracuda

Tuesday, July 17, 2012 @ 05:07 PM gHale


There is a high severity validation filter and exception handling bypass vulnerability in Barracuda’s appliances.

The input filter designed to block out persistent input attacks has a flaw, which exposes all security appliances, said researchers at Vulnerability Lab.

RELATED STORIES
Exploit Hits Plesk Panel
Patch Tuesday Closes Zero Day
Microsoft FixIt For XML Hole
Attack: IE Zero Day

“The bug is located when processing to save the URL path name (DB stored) with attached file. The vulnerability allows the bypassing of the path URL name parse restriction which leads to the execution on a second vulnerable bound module which displays the input as output listing,” the advisory said.

The vulnerable modules – Account MyResource Display and File Upload – persistently execute the saved URL path (which can be a malicious code).

“The URL path function saves the context of the input path name (parsed) as client side request via URL. If the request is getting bound with the file, which is getting stored (persistent) and displayed later on the overview listings, the code is getting executed unauthorized out of the security application context (persistent|server-side),” the security experts said.

The researchers said the user can fix the flaw by parsing the second input request of the “file upload” function and the path URL request.



Leave a Reply

You must be logged in to post a comment.