Barracuda Networks

Updated:  August 24, 2006



Vendor Statement

On August 3, 2006, system settings were delivered to all Barracuda Spam Firewalls in the field via Energize Updates to disable the underlying mechanisms behind these vulnerabilities. As such, no Barracuda Spam Firewalls with current Energize Updates subscriptions should be affected by these vulnerabilities. As part of the test rollout, these settings were initially delivered with the upgrade to early release firmware on July 14, 2006. These settings were later successfully delivered with the upgrade to generally available firmware on July 18, 2006. While it is generally recommended that customers upgrade to the latest release, these upgrades are no longer necessary for protection against these specific vulnerabilities. To avoid future vulnerabilities, Barracuda Networks recommends that customers restrict unnecessary external Web access to their Barracuda Spam Firewalls. Fix: For firmware version 3.3.x and earlier: upgrade to firmware version For firmware version 3.4.x: upgrade to firmware version For more info: Email Phone +1 408 342 5400, +1 888 Anti-Spam Standard Phone or Email Technical Support offered 24 x 7.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.