Barracuda Networks has disclosed a vulnerability in its Email Security Gateway that, according to the company's own investigation, was exploited for roughly eight months before a patch was released.
Barracuda's Email Security Gateway (ESG) has not been as secure as it should have been for the past eight months. According to a statement from the security vendor, the widely deployed business email security appliance was exposed to attackers through a zero-day vulnerability from October 2022 until May 20, 2023, when a patch was applied.
.tar files are the cause
The investigation found that the vulnerability allowed attackers to perform remote command injection because of "incomplete input validation" of user-supplied .tar files, so-called "tarballs". These are archives, comparable to ZIP files, that combine a collection of files into a single container.
In ESG versions 5.1.3.001 through 9.2.0.006, an attacker could execute system commands through Perl's qx operator by giving a file inside the tarball a specially crafted name; the exact format of that name has not been disclosed.
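To make the mechanism concrete, here is an added example that is not Barracuda's code and does not reproduce the real exploit string, which the advisory does not publish. It builds a constructed in-memory tarball whose member name carries shell metacharacters, runs a deliberately vulnerable scanner that interpolates member names into a shell command (the same mistake as handing an unsanitized name to Perl's qx operator), runs a hardened version that allowlists names and never invokes a shell, and adds a small hunting check for suspicious member names. All function names, the allowlist, and the sample archive are assumptions made for illustration; the payload is a harmless echo.

```python
import io
import re
import subprocess
import tarfile

# Allowlist for archive member names (assumption for this example):
# letters, digits, dot, underscore, dash and slash only.
SAFE_NAME = re.compile(r"^[A-Za-z0-9._\-/]{1,255}$")

# Characters that have no business in a legitimate attachment name and
# that a POSIX shell (or Perl's qx//) would interpret.
SHELL_META = set("`$;|&<>(){}\n'\"\\")


def build_tarball(names):
    """Constructed sample input: an in-memory tar archive with the given member names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"hello\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def member_names(tar_bytes):
    """Return the member names stored in the archive without extracting anything."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        return [m.name for m in tar.getmembers()]


def vulnerable_scan(tar_bytes):
    """Illustrative vulnerable pattern (not Barracuda's code): the attacker-controlled
    member name is interpolated into a shell command string, so backticks or $(...)
    inside the name are executed by the shell, as they would be by Perl's qx//."""
    outputs = []
    for name in member_names(tar_bytes):
        proc = subprocess.run(
            f"echo scanning {name}",  # shell interpolation of untrusted input
            shell=True, capture_output=True, text=True,
        )
        outputs.append(proc.stdout.strip())
    return outputs


def hardened_scan(tar_bytes):
    """Hardened version: reject any member name outside the allowlist, block
    traversal, and pass the name as an argv element instead of via a shell."""
    outputs = []
    for name in member_names(tar_bytes):
        if not SAFE_NAME.fullmatch(name) or name.startswith("/") or ".." in name.split("/"):
            raise ValueError(f"rejected unsafe member name: {name!r}")
        proc = subprocess.run(
            ["echo", "scanning", name],  # no shell, no interpretation of metacharacters
            capture_output=True, text=True,
        )
        outputs.append(proc.stdout.strip())
    return outputs


def suspicious_members(tar_bytes):
    """Hunting check: list member names containing shell metacharacters. Useful for
    triaging quarantined attachments for crafted archives of this kind."""
    return [n for n in member_names(tar_bytes) if set(n) & SHELL_META]


if __name__ == "__main__":
    sample = build_tarball(["invoice.pdf", "`echo INJECTED`.pdf"])
    print("vulnerable:", vulnerable_scan(sample))
    print("suspicious:", suspicious_members(sample))
    try:
        hardened_scan(sample)
    except ValueError as exc:
        print("hardened:", exc)
```

The vulnerable scanner prints "scanning INJECTED.pdf" for the crafted member, proving the backticks were evaluated; the hardened scanner refuses the archive before any command runs. The allowlist approach is deliberately strict: rejecting odd but legitimate filenames is a far cheaper failure than executing attacker-chosen commands on a mail gateway.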
Three malware injections
Attackers did actively exploit the vulnerability during that period, Barracuda Networks continues. They infected systems with no fewer than three malware families: Saltwater, Seaside, and Seaspy. Together, this malicious software gave the attackers command-and-control (C2) communication, command injection, port monitoring and a persistent backdoor, among other capabilities.
The vulnerability has since been patched and a mitigation path has been published. Barracuda Networks does not say how many customers were affected by the months-long exposure, but has notified end users.