Compromise of Barracuda ESG gateways requiring hardware replacement

Barracuda Networks has announced the need to physically replace ESG (Email Security Gateway) devices affected by malware as a result of a 0-day vulnerability in the email processing module. It is reported that the previously released patches are not sufficient to fix the problem on affected installations. Details are not provided, but the decision to replace the devices was evidently made because of an attack that led to malware being installed at a low level, and because it cannot be removed by reflashing the firmware or resetting the device to its factory state. The device will be replaced free of charge; reimbursement of shipping costs and of the labor costs of the replacement is not specified.

ESG is a combined hardware and software appliance for protecting enterprise email against attacks, spam and viruses. On May 18, anomalous traffic was recorded from ESG devices, which turned out to be linked to malicious activity. Analysis showed that the devices had been compromised using an unpatched (0-day) vulnerability (CVE-2023-28681) that allows an attacker to execute their own code by sending a specially crafted email. The issue was caused by the lack of proper validation of file names inside tar archives sent as email attachments, and it allowed arbitrary commands to be executed on the system with elevated privileges, bypassing escaping when the code is run through the Perl "qx" operator.
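The root cause described above is an attacker-chosen tar member name reaching a shell command line. The following check is an added example, not code from Barracuda or from the original article: it reads only the headers of a tar attachment and flags member names that fall outside a strict allow-list. The function names, the allow-list and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import tarfile

# Strict allow-list for member names. Everything else (backticks, $, ;, |, &,
# quotes, redirection, whitespace, control bytes) is rejected, since those
# characters change meaning once a name is interpolated into a shell command.
SAFE_NAME = re.compile(r"[A-Za-z0-9._/+@=,-]+")


def audit_tar_names(tar_bytes):
    """Return (name, reason) pairs for member names that must not reach a shell.

    Only headers are read; nothing is extracted to disk.
    """
    findings = []
    try:
        with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
            for member in tar:
                name = member.name
                if not SAFE_NAME.fullmatch(name):
                    findings.append((name, "character outside allow-list"))
                elif name.startswith("-"):
                    # Would be parsed as an option if passed as an argument.
                    findings.append((name, "name starts with '-'"))
    except tarfile.TarError as exc:
        # A truncated or malformed archive is itself a reason to quarantine.
        findings.append(("<archive>", f"unreadable tar: {exc}"))
    return findings


def build_sample_tar(names):
    """Build an in-memory tar of empty files (constructed sample input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            tar.addfile(tarfile.TarInfo(name=name), io.BytesIO(b""))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_tar(
        ["report.txt", "docs/notes-2023.txt", "a`echo constructed`.txt", "-rf"]
    )
    for name, reason in audit_tar_names(sample):
        print(f"QUARANTINE {name!r}: {reason}")
```

Filtering names is a detection and defence-in-depth measure; the underlying fix for this class of bug is to pass file names to child processes as separate arguments rather than through a shell.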

The vulnerability is present in separately supplied ESG hardware devices (appliances) with firmware versions from 5.1.3.001 through 9.2.0.006 inclusive. Exploitation of the vulnerability has been traced back to October 2022, and the problem remained undetected until May 2023. Attackers used the vulnerability to install several types of malware on the gateways: SALTWATER, SEASPY and SEASIDE, which provide external access to the device (a backdoor) and are used to intercept confidential data.

The SALTWATER backdoor was built as a mod_udp.so module for the bsmtpd SMTP process and allowed arbitrary files to be downloaded and run on the system, as well as proxying requests and tunneling traffic to an external server. To gain control, the backdoor hooked the send, recv and close system calls.

The malicious SEASIDE component was written in Lua, installed as the mod_require_helo.lua module for the SMTP server, and was responsible for monitoring incoming HELO/EHLO commands, identifying requests from the command-and-control server, and determining the parameters for launching a reverse shell.

SEASPY was an executable file named BarracudaMailService that was installed as a system service. The service used PCAP-based filters to monitor traffic on network ports 25 (SMTP) and 587, and activated the backdoor when a packet containing a special sequence was detected.

On May 20, Barracuda released an update fixing the vulnerability, which was delivered to all devices on May 21. On June 8, it was announced that the update was not sufficient and that users need to physically replace the affected devices. Users are also advised to replace any access keys and credentials that were used with the Barracuda ESG, such as those associated with LDAP/AD and Barracuda Cloud Control. According to preliminary data, there are about 11 thousand ESG devices on the network running the Barracuda Networks Spam Firewall smtpd service, which is used in the Email Security Gateway.

Source: opennet.ru