Compromise of Barracuda ESG gateways requires hardware replacement

Barracuda Networks has announced that ESG (Email Security Gateway) devices compromised by malware as a result of a 0-day vulnerability in the email attachment processing module need to be physically replaced. The previously released patches are reported to be insufficient to contain the installation problem. No details are given, but it is presumed that the decision to replace the hardware was made because the attack installed malware at a low level, and it cannot be removed by reflashing the firmware or resetting the device to its factory state. The devices will be replaced free of charge; compensation for shipping costs and for the labor of replacement is not specified.

ESG is a hardware and software appliance for protecting enterprise email from attacks, spam and viruses. On May 18, anomalous traffic was recorded from ESG devices, which turned out to be linked to malicious activity. The analysis showed that the devices had been compromised using an unpatched (0-day) vulnerability (CVE-2023-28681) that allows code execution by sending a specially crafted email. The issue was caused by a lack of proper validation of file names inside tar archives sent as email attachments, and allowed an arbitrary command to be executed on the system with elevated privileges, bypassing escaping when code is run through the Perl "qx" operator.
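The root cause described above is a tar member name reaching a shell unvalidated. The following added example (not Barracuda's code and not from the original article) reads only the tar headers of an attachment and reports member names that should be rejected before any processing; the allowlist, the function names and the sample archive are assumptions constructed for illustration, and the check goes slightly beyond the article by also flagging option-like and traversal names.

```python
import io
import re
import tarfile

# Assumption: a conservative allowlist for attachment member names.
# Anything outside it (backticks, ';', '$', '|', quotes, newlines, ...) is rejected.
SAFE_NAME = re.compile(r"[A-Za-z0-9._/ -]+")


def audit_tar_names(data: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for every name that should be rejected."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar:  # iterates headers only; nothing is extracted
            name = member.name
            if not SAFE_NAME.fullmatch(name):
                findings.append((name, "characters outside allowlist"))
            elif name.startswith(("/", "-")) or ".." in name.split("/"):
                findings.append((name, "absolute, option-like or traversal path"))
    return findings


def build_sample() -> bytes:
    """Constructed sample archive with empty members; names are illustrative."""
    names = ("report.txt", "docs/q2 summary.pdf",
             "x`echo marker`.txt", "a;b.txt", "../etc/hosts")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = 0
            tar.addfile(info)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in audit_tar_names(build_sample()):
        print(f"REJECT {name!r}: {reason}")
```

Validation of this kind is defense in depth: the underlying fix is to never interpolate an attacker-controlled name into a shell command string, and to pass it as a separate argument to the program instead.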

The vulnerability is present in separately supplied ESG devices (appliances) with firmware versions from 5.1.3.001 to 9.2.0.006 inclusive. Exploitation of the vulnerability has been traced back to October 2022, and the problem went unnoticed until May 2023. Attackers used the vulnerability to install several types of malware on the gateways: SALTWATER, SEASPY and SEASIDE, which provide external access to the device (a backdoor) and are used to intercept confidential data.

The SALTWATER backdoor was built as the module mod_udp.so for the bsmtpd SMTP process and allowed arbitrary files to be downloaded and executed on the system, as well as proxying requests and tunnelling traffic to an external server. To gain control, the backdoor hooked the send, recv and close system calls.

The malicious SEASIDE component was written in Lua, installed as the module mod_require_helo.lua for the SMTP server, and was responsible for monitoring incoming HELO/EHLO commands, detecting requests from the command-and-control server, and determining the parameters for launching a reverse shell.

SEASPY was an executable file named BarracudaMailService that was installed as a system service. The service used a PCAP-based filter to monitor traffic on network ports 25 (SMTP) and 587, and activated a backdoor when a packet with a special sequence was detected.

On May 20, Barracuda released an update with a fix for the vulnerability, which was delivered to all devices on May 21. On June 8, it was announced that the update was not sufficient and that users would need to replace compromised devices. Users are also advised to replace any access keys and credentials that passed through the Barracuda ESG, such as those associated with LDAP/AD and Barracuda Cloud Control. According to preliminary data, there are more than ten thousand ESG devices on the network running the Barracuda Networks Spam Firewall smtpd service, which is used in the Email Security Gateway.

Source: opennet.ru
