Barracuda IMFirewall – Input Validation Vulnerability

This week we discovered multiple input validation vulnerabilities in the Barracuda IM Firewall appliance. A remote attacker is able to obtain sensitive customer sessions or implant malicious script routines (JS, PHP) and malicious code (server-side). An input validation vulnerability was detected on the server side (persistent) of the IMFW 620.

When exploited by an authenticated user, the identified vulnerability can lead to information disclosure, session hijacking, and access to servers available on the intranet. The following picture shows included content (external, on the server side), which can be any malicious script routine. In our public tests we loaded another (external) website out of the IMFirewall.

The next picture shows the vulnerable module that sets the specific request. This routine is not parsed or filtered by any Barracuda security exception (illegal characters exception).

Barracuda has an illegal character filter (exceptions) that can be bypassed via that module to get access through the IMFirewall. I like the filter and exception handling of the Barracuda IMFirewall because they can detect (stop) a lot of web attacks inside and outside of the service (application). In our pentests we verified the vulnerability by loading a malicious “bad-example.exe” file out of the firewall application. The zer0-day was dropped on exploit-db by Global-Evolution.

Tested on OS: Windows 7
Tested with Software: Mozilla Firefox 3.5.x (Portable|Modified) with Dev Suite; MS IE8.x …

Vulnerable Products: Barracuda IM Firewall 620
Affected Versions: Model 620 Firmware v4.0.01.003
Vulnerability Type: Input Validation Vulnerabilities (Server-Side|Persistent)

Vendor-URL: http://barracuda.com/
Product-URL: http://www.barracudanetworks.com/ns/products/im_overview.php
Demo-URL: http://im.barracuda.com/cgi-mod/index.cgi

Advisory-Status: Published | 07.12.2009
Advisory-URL: http://www.exploit-db.com/exploits/10347
Report-URL: http://www.global-evolution.info/news/?p=930

Download: Barracuda IM Firewall 620 – Input Validation Vulnerability

[Writer: ~rem0ve]


2 comments on “Barracuda IMFirewall – Input Validation Vulnerability”

  1. libEriON

    ACK, works

  2. NimUnelA

    Thank you for your work!

Global-Evolution