Security Flaw in Email Security Gateway
The California-based company's investigation has revealed that the flaw is rooted in a component that screens the attachments of incoming emails and that it can lead to unauthorized access to a subset of email gateway appliances. In more detail, the vulnerability is due to incomplete input sanitization in the processing of .tar files (tape archives). The names of the files contained within a user-supplied .tar archive are not correctly sanitized. Therefore, an attacker could format these file names so as to remotely execute a system command through Perl's qx operator with the same privileges granted to the Email Security Gateway product.
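As an added example (not Barracuda's code or the patch described on this page), the following Python check flags .tar member names of the kind the text describes as the injection vector: names that fall outside a strict allowlist or contain shell metacharacters. It is the sort of pre-screening a mail gateway could apply before an archive is handed to any other processing; the archive names and contents are constructed sample data.

```python
import io
import re
import tarfile

# Characters a shell would interpret if a member name were ever interpolated
# into a command string, which is the class of flaw described above.
SHELL_METACHARS = re.compile(r"[`$|;&<>(){}\n\"'\\ ]")
# Strict allowlist: path segments of word characters, dots and dashes only.
SAFE_NAME = re.compile(r"^(?:[A-Za-z0-9._-]+/)*[A-Za-z0-9._-]+/?$")


def suspicious_members(data: bytes) -> list[str]:
    """Return the member names in a tar archive that fail the allowlist.

    Operates on the raw archive bytes so it can run before any extraction.
    A malformed archive is reported as a finding rather than silently passed.
    """
    flagged = []
    try:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
            for member in tf:
                name = member.name
                segments = name.split("/")
                if (not SAFE_NAME.match(name)
                        or SHELL_METACHARS.search(name)
                        or ".." in segments):   # also reject path traversal
                    flagged.append(name)
    except (tarfile.TarError, OSError):
        flagged.append("<unreadable archive>")
    return flagged


def build_sample_archive(names) -> bytes:
    """Build an in-memory tar with the given member names (constructed test data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in names:
            payload = b"placeholder content"
            info = tarfile.TarInfo(name=name)
            info.size = len(payload)
            tf.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: two benign names and one carrying a shell substitution.
    sample = build_sample_archive(["report.pdf", "docs/notes.txt", "invoice$(cmd).pdf"])
    print(suspicious_members(sample))  # ['invoice$(cmd).pdf']
```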
Patches Deployed & Remedial Actions
Barracuda has stated that security patch BNSF-36456 was deployed across all ESG devices worldwide just one day after the finding and that, as part of their containment strategy, a second patch was applied to all ESG appliances on 21 May 2023. Moreover, a list of remedial actions has been communicated to all affected users via the ESG user interface.
Scope of the Attack & Customer Advisory
With 200,000 customers worldwide, the company has not yet disclosed the scale of the attack but has confirmed that no other Barracuda products are subject to this vulnerability. Since the data at hand are limited to the ESG product, customers are advised to review their environments and determine if additional actions are required to mitigate the issue.
Continuing Investigations & Updates
Barracuda is continuing investigations and will provide updates on this issue via their product status page and their Trust Center.
For additional information about the issue please visit:
https://www.barracuda.com/company/legal/esg-vulnerability
https://status.barracuda.com/incidents/34kx82j5n4q9
Holm Security Vulnerability Management Platform – Detection Instructions
We will keep you updated of any new developments or details as they arise.