Updated:  August 24, 2006

Status

Affected

Vendor Statement

On August 3, 2006, system settings were delivered to all Barracuda Spam Firewalls in the field via Energize Updates to disable the underlying mechanisms behind these vulnerabilities. As such, no Barracuda Spam Firewalls with current Energize Updates subscriptions should be affected by these vulnerabilities. As part of the test rollout, these settings were initially delivered with the upgrade to early release firmware 3.4.05.017 on July 14, 2006. These settings were later successfully delivered with the upgrade to generally available firmware 3.3.03.055 on July 18, 2006. While it is generally recommended that customers upgrade to the latest release, these upgrades are no longer necessary for protection against these specific vulnerabilities. To avoid future vulnerabilities, Barracuda Networks recommends that customers restrict unnecessary external Web access to their Barracuda Spam Firewalls. Fix: For firmware version 3.3.x and earlier: upgrade to firmware version 3.3.03.055 For firmware version 3.4.x: upgrade to firmware version 3.4.05.017 For more info: Email support@barracudanetworks.com Phone +1 408 342 5400, +1 888 Anti-Spam Standard Phone or Email Technical Support offered 24 x 7.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.