Compromise of Barracuda ESG gateways requiring hardware replacement

Barracuda Networks has announced that ESG (Email Security Gateway) devices affected by malware, installed through a 0-day vulnerability in the email attachment handling module, need to be physically replaced. It is reported that the previously released patches are not sufficient to block the installation problem. No details have been given, but the decision to replace the hardware is presumably due to an attack that installed malware at a low level, where it cannot be removed by reflashing or a factory reset. The devices will be replaced free of charge, but compensation for the cost of shipping and of the replacement work is not specified.

ESG is a hardware and software package for protecting enterprise email from attacks, spam and viruses. On May 18, anomalous traffic from ESG devices was detected, which turned out to be linked to malicious activity. Analysis showed that the devices had been compromised using an unpatched (0-day) vulnerability (CVE-2023-28681), which allows an attacker to execute their own code by sending a specially crafted email. The problem was caused by the lack of proper validation of file names inside tar archives sent as email attachments, which allowed an arbitrary command to be executed on the system with elevated privileges, bypassing escaping when the code was passed through the Perl "qx" operator.
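A pre-processing check of the kind this bug lacked, as an added example (not Barracuda's code and not from the original article): it lists tar member names without extracting anything and rejects any name outside a strict allowlist before it can reach a shell. The allowlist, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import tarfile

# Assumed allowlist: letters, digits, dot, underscore, hyphen, slash.
# Quotes, backticks, $, ;, |, whitespace and control bytes are all rejected.
SAFE_NAME = re.compile(r"[A-Za-z0-9._/-]+")

def name_problems(name):
    """Return the reasons a tar member name is unsafe to process."""
    problems = []
    if not SAFE_NAME.fullmatch(name):
        problems.append("characters outside allowlist")
    if name.startswith("/") or ".." in name.split("/"):
        problems.append("absolute path or parent traversal")
    if name.startswith("-"):
        problems.append("leading dash (option-like)")
    return problems

def scan_tar(data):
    """Map each unsafe member name in a tar byte string to its problems."""
    findings = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar:  # reads headers only, extracts nothing
            problems = name_problems(member.name)
            if problems:
                findings[member.name] = problems
    return findings

def build_sample_tar(names):
    """Constructed sample input: an in-memory tar with empty members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            tar.addfile(tarfile.TarInfo(name), io.BytesIO(b""))
    return buf.getvalue()

# Constructed names: one benign, two with shell metacharacters, one traversal.
SAMPLE = build_sample_tar([
    "docs/report.txt",
    "notes`echo constructed`.txt",
    "it's.txt",
    "../outside.txt",
])

if __name__ == "__main__":
    for name, problems in scan_tar(SAMPLE).items():
        print(repr(name), "->", ", ".join(problems))
```

Where a member name must still be handed to an external tool, pass it as a separate argument to a process call that does not invoke a shell, rather than interpolating it into a command string.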

The vulnerability is present in separately supplied ESG devices (appliances) with firmware versions from 5.1.3.001 through 9.2.0.006 inclusive. Exploitation of the vulnerability had been going on since October 2022, and the problem went unnoticed until May 2023. Attackers used the vulnerability to install several kinds of malware on the gateways: SALTWATER, SEASPY and SEASIDE, which provide external access to the device (a backdoor) and are used to intercept confidential data.

The SALTWATER backdoor was built as the mod_udp.so module for the bsmtpd SMTP process and allowed arbitrary files to be downloaded and run on the system, as well as requests to be proxied and traffic to be tunneled to an external server. To gain control, the backdoor intercepted the send, recv and close calls.

The malicious SEASIDE component was written in Lua, installed as the mod_require_helo.lua module for the SMTP server, and was responsible for monitoring incoming HELO/EHLO commands, identifying requests from the C&C server, and determining the parameters for launching a reverse shell.

SEASPY was BarracudaMailService, installed as a system service. The service used a PCAP-based filter to monitor traffic on network ports 25 (SMTP) and 587, and activated the backdoor when a packet containing a special sequence was detected.

On May 20, Barracuda released an update fixing the vulnerability, which was delivered to all devices on May 21. On June 8, it was announced that the update was not sufficient and that users need to replace the compromised devices. Users are also advised to replace any keys and credentials that have crossed paths with Barracuda ESG, such as those associated with LDAP/AD and Barracuda Cloud Control. According to preliminary data, there are about 11 ESG devices on the network running the Barracuda Networks Spam Firewall smtpd service, which is used in the Email Security Gateway.

Source: opennet.ru
