Compromise of Barracuda ESG gateways requires hardware replacement

Barracuda Networks has announced that ESG (Email Security Gateway) devices affected by malware as a result of a 0-day vulnerability in the email attachment processing module need to be replaced. The previously released patches are reported to be insufficient to resolve the problem once the malware has been installed. No details are given, but the decision to replace the hardware was presumably made because the attack led to malware being installed at a low level, where it cannot be removed by reflashing the firmware or resetting the device to its factory state. The hardware will be replaced free of charge; compensation for shipping and for the labour cost of the replacement is not specified.

ESG is a combined hardware and software appliance for protecting corporate email from attacks, spam and viruses. On May 18, traffic from ESG devices was recorded that turned out to be associated with malicious activity. Analysis showed that the devices had been compromised through an unpatched (0-day) vulnerability (CVE-2023-28681) that allows code execution by sending a specially crafted email. The problem was caused by insufficient validation of file names inside tar archives sent as email attachments, and it allowed arbitrary commands to be executed on the system with elevated privileges, bypassing escaping when code is run through the Perl "qx" operator.
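The class of check whose absence is described above, as an added Python example (not Barracuda's code and not from the original article): tar member names are validated against an allow-list from the archive headers alone, and a checked name is passed to a helper as an argument list so no shell ever parses it. It goes slightly beyond the article by also rejecting path-escaping and option-like names; the sample archive, the function names and the `/usr/bin/file` scanner path are assumptions made for illustration.

```python
import io
import re
import tarfile

# Allow-list: letters, digits, dot, underscore, hyphen, slash. Everything else
# (quotes, backticks, $, ;, |, spaces, newlines) is rejected outright.
SAFE_NAME = re.compile(r"[A-Za-z0-9._/-]+")

def build_sample_tar(names):
    """Build an in-memory tar archive from constructed sample names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name=name)
            info.size = 6
            tar.addfile(info, io.BytesIO(b"sample"))
    return buf.getvalue()

def check_member_name(name):
    """Return the reasons a member name is unsafe; an empty list means OK."""
    reasons = []
    if not SAFE_NAME.fullmatch(name):
        reasons.append("characters outside allow-list")
    if name.startswith("/") or ".." in name.split("/"):
        reasons.append("path escapes extraction directory")
    if name.startswith("-"):
        reasons.append("leading dash could be read as an option")
    return reasons

def scan_tar_attachment(raw):
    """List unsafe member names by reading headers only; nothing is extracted."""
    findings = {}
    with tarfile.open(fileobj=io.BytesIO(raw), mode="r:*") as tar:
        for member in tar.getmembers():
            reasons = check_member_name(member.name)
            if reasons:
                findings[member.name] = reasons
    return findings

def scanner_argv(name):
    """argv for a hypothetical scanner; a list is never parsed by a shell."""
    if check_member_name(name):
        raise ValueError("refusing unsafe member name: %r" % name)
    return ["/usr/bin/file", "--", name]

if __name__ == "__main__":
    # Constructed sample: two benign names, one with shell metacharacters.
    raw = build_sample_tar(["report.txt", "docs/a.md", "inv`echo x`.txt"])
    for name, why in scan_tar_attachment(raw).items():
        print(repr(name), "->", "; ".join(why))
```

Rejecting by allow-list rather than escaping is the point: escaping is what the article says was bypassed, while a name that never reaches a shell string needs no escaping at all.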

The vulnerability is present in separately supplied ESG devices (appliances) with firmware versions from 5.1.3.001 to 9.2.0.006 inclusive. Exploitation of the vulnerability can be traced back to October 2022, and the problem went undetected until May 2023. Attackers used the vulnerability to install several kinds of malware on the gateways: SALTWATER, SEASPY and SEASIDE, which provide external access to the device (a backdoor) and are used to intercept confidential data.

The SALTWATER backdoor was implemented as a mod_udp.so module for the bsmtpd SMTP process and allowed arbitrary files to be downloaded and executed on the system, as well as proxying requests and tunnelling traffic to an external server. To gain control, the backdoor intercepted the send, recv and close system calls.

The SEASIDE malicious component was written in Lua, installed as the mod_require_helo.lua module for the SMTP server, and was responsible for monitoring incoming HELO/EHLO commands, detecting requests from the command-and-control server, and determining the parameters for launching a reverse shell.

SEASPY was an executable file named BarracudaMailService that was installed as a system service. The service used a PCAP-based filter to monitor traffic on network ports 25 (SMTP) and 587 and activated the backdoor when a packet containing a special sequence was detected.

On May 20, Barracuda released an update with a fix for the vulnerability, which was delivered to all devices on May 21. On June 8, it was announced that the update was not sufficient and that users would need to physically replace compromised devices. Users are also advised to replace any access keys and credentials that came into contact with the Barracuda ESG, such as those associated with LDAP/AD and Barracuda Cloud Control. According to preliminary data, there are about 11 thousand ESG devices on the network running the Barracuda Networks Spam Firewall smtpd service, which is used in the Email Security Gateway.

source: budenet.ru
