Document Title:
===============
Barracuda Backup - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=783

BARRACUDA NETWORK SECURITY ID: BNSEC-881

Release Date:
=============
2013-06-14

Vulnerability Laboratory ID (VL-ID):
====================================
783

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:
===============================
Barracuda Backup Service is a complete and affordable data backup solution. The Barracuda Backup Server provides a full local data backup and is combined with a storage subscription to replicate data to two offsite locations. This approach provides the best of both worlds: onsite backups for fast restore times and secure, offsite storage for disaster recovery. Block-level deduplication is applied inline to reduce traditional backup storage requirements by 20 to 50 times while also reducing backup windows and bandwidth requirements.

Cloud Storage with Deduplication
Barracuda Backup Subscription plans provide diverse offsite storage at affordable monthly fees that scale to meet increasing data requirements.

* Secure backup to two geo-separate data centers
* Deduplicated efficient backup storage
* Redundant disk-based storage
* Best-of-breed data retention policies
* Web interface multi-location management
* Restore by Web, FTP and Windows software

(Copy of the Vendor Homepage: http://www.barracudanetworks.com/ns/products/backup_overview.php)

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Research Team discovered multiple web vulnerabilities in the Barracuda Networks Backup Appliance Application.

Vulnerability Disclosure Timeline:
==================================
2012-12-02: Researcher Notification & Coordination
2012-12-04: Vendor Notification
2012-12-08: Vendor Response/Feedback
2013-03-06: Vendor Fix/Patch (Confirmed)
2013-06-15: Public Disclosure

Discovery Status:
=================
Published

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Low

Technical Details & Description:
================================
1.1
Multiple persistent input validation vulnerabilities were detected in the Barracuda Networks Backup Appliance Application.
The bugs allow remote attackers to inject malicious script code on the application side (persistent).

The persistent vulnerabilities are located in the Backup Server Verbinden - Prüf Informationen module, in the vulnerable seriennummer and verbindungscode input and listing parameters. Remote exploitation requires low user interaction and a low-privilege application user account. Successful exploitation results in persistent session hijacking (admin/auditor), persistent phishing (application-side) and persistent manipulation of the affected (vulnerable) modules.

Vulnerable Module(s):
[+] Backup Server Verbinden - Prüf Informationen

Vulnerable Parameter(s):
[+] Seriennummer
[+] Verbindungscode

1.2
A non-persistent cross-site scripting vulnerability was detected in the Barracuda Networks Backup Appliance Application.
The vulnerability allows remote attackers to hijack website customer, moderator or admin sessions (client-side) with low or medium required user interaction and without a local low-privilege application user account.

The vulnerability is located in the replication application module, in the vulnerable update parameter of the request. Attackers can inject script code on the client side; it executes once the request processes the update value.

Successful exploitation results in client-side account theft, client-side phishing, client-side external redirects and client-side manipulation of the appliance module's web context requests. Exploitation of the vulnerability requires medium user interaction.

Vulnerable Module(s):
[+] Replication

Vulnerable Parameter(s):
[+] Update

Proof of Concept (PoC):
=======================
1.1
The persistent web vulnerability can be exploited by a remote attacker with a low-privilege application user account and low or medium required user interaction. For demonstration or to reproduce ...

Review: Admin > Barracuda Backup Server verbinden > Verbinden Sie einen neuen Backup-Server > Seriennummer und Verbindungscode + Connect Listing
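The two bug classes above (stored script in the Seriennummer/Verbindungscode fields that is later rendered in the Connect Listing, and the reflected update parameter of the replication module) share one fix: whitelist on input, encode on output. The following is an added illustration written for this advisory, not Barracuda's code or the researchers' PoC; the accepted field formats and the handler/function names are assumptions.

```python
import html
import re

# Assumed value formats for the advisory's parameters. The real formats Barracuda
# accepts are not given on the page, so these patterns are placeholders to adapt.
FIELD_PATTERNS = {
    "seriennummer": re.compile(r"[A-Za-z0-9-]{4,32}"),
    "verbindungscode": re.compile(r"[A-Za-z0-9]{4,64}"),
    "update": re.compile(r"[0-9]{1,10}"),  # reflected parameter, assumed numeric
}

def is_valid_field(name, value):
    """Whitelist check applied on input, before a value is stored or echoed."""
    pattern = FIELD_PATTERNS.get(name)
    return (isinstance(value, str) and pattern is not None
            and pattern.fullmatch(value) is not None)

def connect_backup_server(form, store):
    """Persistent case (1.1): reject anything outside the whitelist instead of
    storing it. Returns True when the entry was stored."""
    serial = form.get("seriennummer", "")
    code = form.get("verbindungscode", "")
    if not (is_valid_field("seriennummer", serial)
            and is_valid_field("verbindungscode", code)):
        return False
    store.append({"seriennummer": serial, "verbindungscode": code})
    return True

def render_listing(store):
    """Output encoding for the Connect Listing view. Values stored before the
    whitelist existed still cannot break out of the HTML text context."""
    rows = "".join(
        "<tr><td>%s</td><td>%s</td></tr>" % (
            html.escape(entry["seriennummer"], quote=True),
            html.escape(entry["verbindungscode"], quote=True))
        for entry in store)
    return "<table>%s</table>" % rows

def render_replication_status(update_param):
    """Reflected case (1.2): validate the update value, then encode it before
    it is echoed back into the response page."""
    if not is_valid_field("update", update_param):
        return "<p>invalid update request</p>"
    return "<p>Replication update %s queued</p>" % html.escape(update_param, quote=True)
```

Rejecting on input keeps the listing clean for new entries; encoding on output is what protects entries that were stored before the fix, so both layers are needed.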