
CVE-2015-0235 - GHOST vulnerability
#1
Posted 29 January 2015 - 11:50 AM
We have confirmed that some of our products and services use affected versions of glibc. We’ve further determined that exploitation of the vulnerability requires conditions which do not exist in many of our products. Rather than delay patches by exhaustively analyzing all our products and services for the required precondition, we are electing to patch all products and services.
We are currently developing and testing the delivery of patches to our physical and virtual appliance products and will deliver them as soon as possible.
Our operations teams began patching our production services on Tuesday. Patching of our services has been completed as of this writing. The patching process requires server restarts. We are making every effort to ensure that service is not interrupted during the patching/restart process.
- mheller likes this
#3
Posted 30 January 2015 - 03:08 AM
Patches for the NG Firewall product are available in the Barracuda download area (https://login.barrac...port/downloads/).
- mheller likes this
#4
Posted 30 January 2015 - 08:36 PM
Barracuda Spam and Virus Firewall
Barracuda Web Filter
Barracuda Message Archiver
Barracuda Web Application Firewall
Barracuda Firewall
Barracuda Load Balancer
Barracuda Load Balancer ADC
Barracuda Link Balancer
Barracuda SSL VPN
Barracuda Backup Server
Cudatel
A reboot is required after installation of the secdef.
For maximum protection, Barracuda Networks recommends that all customers ensure that their attack and security definitions are set to On and to upgrade to the latest generally available release of the firmware and security definitions.
- Romel Jacinto likes this
#5
Posted 30 January 2015 - 08:47 PM
Thanks Dave for the notification on this. We have seen notifications come through our firewalls in the form of emails. Can you please confirm these are valid emails from Barracuda? Also can you confirm that users affected will need to download and install the patch? Will this be in the form of a Firmware upgrade for both virtual and physical appliances? Any help would be appreciated.
#6
Posted 31 January 2015 - 12:40 PM
The patch is being delivered as a Security Definition Update rather than as a Firmware update. The Security Definition will apply to the current firmware version of the product you are running even if it is not the most current firmware.
Security Definition Updates are available on the Energize Updates page under the Advanced tab. There is an option on that page to enable/disable automatic installation of Security Definitions. If you have received an email telling you to reboot, then the Security Definition has already been downloaded and applied, and the only thing you need to do is to reboot.
This process applies both to physical and virtual appliances.
#7
Posted 02 February 2015 - 03:49 AM
Thank you Dave !
#8
Posted 02 February 2015 - 02:02 PM
How do we determine whether this patch has been applied to our Cudatel telephone systems? There is no externally visible indication of patch status other than a generic "Firmware x.x.x.". Barracuda / Cudatel has pushed other "security" updates that have resulted in system restarts, and no other notification or indication.
#9
Posted 02 February 2015 - 03:06 PM
I applied the patch for the NG-F100 firewalls that I manage and the version number shown in the admin interface did not change from 5.4.4 to 5.4.5 as I believe it should have. After initiating the upgrade/patch, a reboot was required, however, how do I confirm (prove to my clients) that the patch was correctly applied?
Thanks in advance
#10
Posted 02 February 2015 - 10:15 PM
Hi,
What happens with the appliances bought before 2009 (bought in 2008) ?
We have a Barracuda Spam Virus FireWall model 200 … and we continue to pay for the support and maintenance year after year.
I have many concerns about the CVE-2015-0235 vulnerability - GHOST.
I am even more worried that after more than 6 days, there is still no patch available for our Antispam.
I just checked and for our model the latest update available is 6.1.5.006 (2014-11-05)
Can you tell me when the patch for this vulnerability will be available?
#11
Posted 03 February 2015 - 09:24 AM
Sorry... too much coffee !
It's a "Security Definition Updates"...not a firmware update !
Thanks !
#12
Posted 03 February 2015 - 09:56 AM
Hi Rene,
If your device isn't seeing the SECDEF, please contact support so we may research with you.
Matthew Willson-Heller
Support Escalation Manager, US
Barracuda Networks Inc.
Phone: +1 408.342.5300 x5346
Fax: +1 408.342.1061
Web: www.barracudanetworks.com
#13
Posted 03 February 2015 - 01:42 PM
Curt Martell, et al.
We have moved the Archiving issue related to this update to the Archiver forum. We can continue there.
Link: https://community.ba...pped-archiving/
Thanks,
Maxwell Lazaroff
Technical Delivery Manager
#14
Posted 03 February 2015 - 05:35 PM
After rebooting my Web Filter 310 on Saturday, I lost connectivity to the Cisco Switch. My network person had to filter BPDU packets for the ports connecting the web filter since they were going err-disabled. Any idea if something in the security patch messed with BPDU or STP? I did not have this issue on my SPAM Filter 300.
Jan 31 00:29:51.697 CST: %PM-4-ERR_DISABLE: STANDBY:bpduguard error detected on Gi7/6, putting Gi7/6 in err-disable state
Jan 31 00:39:51.487 CST: %PM-4-ERR_RECOVER: Attempting to recover from bpduguard err-disable state on Gi7/2
Jan 31 00:39:51.499 CST: %PM-4-ERR_RECOVER: Attempting to recover from bpduguard err-disable state on Gi7/6
.Jan 31 00:39:51.495 CST: %PM-4-ERR_RECOVER: STANDBY:Attempting to recover from bpduguard err-disable state on Gi7/2
.Jan 31 00:39:51.607 CST: %PM-4-ERR_RECOVER: STANDBY:Attempting to recover from bpduguard err-disable state on Gi7/6
Jan 31 00:40:11.870 CST: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Gi7/2 with BPDU Guard enabled. Disabling port.
Jan 31 00:40:11.870 CST: %PM-4-ERR_DISABLE: bpduguard error detected on Gi7/2, putting Gi7/2 in err-disable state
Jan 31 00:40:11.874 CST: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Gi7/6 with BPDU Guard enabled. Disabling port.
#15
Posted 03 February 2015 - 05:49 PM
After rebooting my Web Filter 310 on Saturday, I lost connectivity to the Cisco Switch. My network person had to filter BPDU packets for the ports connecting the web filter since they were going err-disabled. Any idea if something in the security patch messed with BPDU or STP? I did not have this issue on my SPAM Filter 300.
My gut instinct suggests that the Web Filter, perhaps before it booted up, allowed traffic to flow around in a circle, allowing BPDUs to come into Gi7/2 and Gi7/6.
#16
Posted 03 February 2015 - 07:47 PM
If you are running hardware that was manufactured prior to June, 2009 and have had an active Instant Replacement (IR) subscription the entire time, you may be eligible for a complimentary hardware refresh. If you have not maintained an active Instant Replacement subscription, Barracuda offers discounts to existing customers on replacement equipment.
The patches for units manufactured prior to June 2009 are currently being tested. They will be delivered through a Security Definition Update as soon as they are available.
#17
Posted 04 February 2015 - 03:02 AM
Hi guys,
since there seems to be no hotfix for Barracuda NG FW v5.4.4 I assume that I first have to install 5.4.5 and additionally install the hotfix afterwards.
Is this correct?
Why is there only an update for the most current version?
Kind regards,
Martin
#18
Posted 05 February 2015 - 03:13 AM
Hello Martin,
this specific hotfix is downward compatible and can also be installed on v5.4.4 - you do not have to update to 5.4.5 first in order to apply the hotfix.
- Martin Heerdegen and Marco Miska like this
#19
Posted 09 February 2015 - 06:05 AM
I applied the patch for the NG-F100 firewalls that I manage and the version number shown in the admin interface did not change from 5.4.4 to 5.4.5 as I believe it should have. After initiating the upgrade/patch, a reboot was required, however, how do I confirm (prove to my clients) that the patch was correctly applied?
Thanks in advance
Hi Keith,
as this is only a hotfix, the firmware version number will not change to 5.4.5.
Anyway, to see which hotfixes have been installed onto a NG Firewall system, look for Control - Licenses - Version status (lower window part).
Or take a look at Logs - Box - Release - Update (although on a F100, the reboot clears that log - so this works only for F200 and above, if the hotfix triggers a reboot).
- SVC-AuthDB-Demo likes this
-micha-