Critical SSH Backdoor in multiple Barracuda Networks Products
Vulnerable products:
  Barracuda Spam and Virus Firewall
  Barracuda Web Filter
  Barracuda Message Archiver
  Barracuda Web Application Firewall
  Barracuda Link Balancer
  Barracuda Load Balancer
  Barracuda SSL VPN
1) Backdoor accounts
Several undocumented operating system user accounts exist on the appliance.
They can be used to gain access to the appliance via the terminal but also
via SSH (see 2).
These accounts are undocumented and can _not_ be disabled!
2) Remote access via SSH
An SSH daemon runs on the appliance, but network filtering (iptables) is used
to only allow access from whitelisted IP ranges (private and public).
The public ranges include servers run by Barracuda Networks Inc. but also
servers from other, unaffiliated entities - all of whom can access SSH on all
affected Barracuda Networks appliances exposed to the Internet.
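
An audit sketch for the filtering described in 2), added here as an example and not taken from the advisory or from Barracuda: it reads `iptables-save` output from a Linux host you administer and splits the sources allowed to reach SSH into RFC 1918 and public ranges. The function names and the sample ruleset are constructed for illustration (documentation address ranges, not the appliance's real rules).

```python
import ipaddress
import shlex

# RFC 1918 space; every other source is treated as Internet-routable.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed iptables-save sample (documentation ranges, not the appliance's rules).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -s 192.168.200.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m multiport --dports 22,443 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 8000 -j ACCEPT
COMMIT
"""

def opt_value(tokens, *flags):
    """Value following the first of `flags` present in the rule, else None."""
    for flag in flags:
        if flag in tokens[:-1]:
            return tokens[tokens.index(flag) + 1]
    return None

def port_matches(spec, port):
    """True if `port` is covered by a port spec such as 22, 20:25 or 22,443."""
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        lo = int(lo) if lo else 0
        hi = int(hi) if hi else (65535 if sep else lo)
        if lo <= port <= hi:
            return True
    return False

def ssh_accept_sources(rules_text, port=22):
    """Return (private, public) source networks that INPUT ACCEPT rules admit to `port`."""
    private, public = [], []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "INPUT"] or opt_value(tok, "-j") != "ACCEPT":
            continue
        dport = opt_value(tok, "--dport", "--dports")
        if opt_value(tok, "-p") not in (None, "tcp", "all") or (dport and not port_matches(dport, port)):
            continue  # other protocol or other port
        # A rule without -s accepts from any source address.
        net = ipaddress.ip_network(opt_value(tok, "-s") or "0.0.0.0/0", strict=False)
        (private if any(net.subnet_of(r) for r in RFC1918) else public).append(str(net))
    return private, public
```

Rule ordering and interface, state or negated matches are not modelled, so such rules are reported by source only and need a manual look.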