This solution applies to all Barracuda Spam Firewalls, all firmware versions.
Barracuda units do not rely upon or use libspf2; as a result Barracuda appliances are immune to this vulnerability and are unaffected. The following is for informational purposes only.
A vulnerability has recently been discovered in the libspf2 software library, which allows the execution of malicious code via the creation of a special record in the Domain Name System (DNS). Because firewalls and intrusion detection and prevention systems do not typically examine DNS records, DNS is a particularly vulnerable point of attack for hackers.
Networks hosting email servers located in the "De-militarized zone" (DMZ) are particularly vulnerable, as such servers will be publicly accessible while at the same time possessing access to the internal network. Therefore, exploitation of this vulnerability may allow an attacker to bypass security measures and gain access to internal network resources.
You should check your mail servers and any other commercial spam filtering solutions you may use to ensure that you have upgraded to the latest libspf2 version (1.2.8) in order to resolve this vulnerability.
Link to This Page: