[Freeswitch-users] Barracuda CudaTel 2.6.02.04 - Persistent Web Vulnerability

Michael Jerris mike at jerris.com
Fri Jun 28 18:41:49 MSD 2013


We always appreciate quality and accurate security and bug reports against Cudatel; in fact, it might even make you some money. You can take a look at details of the program here.

http://barracudalabs.com/?page_id=3456

And yes, we love when those reports include some details of the actual problem as well.

Mike

On Jun 28, 2013, at 7:10 AM, Cal Leeming [Simplicity Media Ltd] <cal.leeming at simplicitymedialtd.co.uk> wrote:

> I assume everyone has already seen this, but here you go.
> 
> Cal
> 
> ---------- Forwarded message ----------
> From: Henri Salo <henri.salo at kapsi.fi>
> Date: Fri, Jun 28, 2013 at 8:41 AM
> Subject: Re: Barracuda CudaTel 2.6.02.04 - Persistent Web Vulnerability
> To: Vulnerability Lab <research at vulnerability-lab.com>
> Cc: bugtraq at securityfocus.com
> 
> 
> On Fri, Jun 28, 2013 at 12:47:46AM +0100, Vulnerability Lab wrote:
> <snip>
> > (Copy of the Vendor Homepage: http://www.barracudanetworks.ca/cudatel.aspx )
> 
> What?
> 
> > Report-Timeline:
> > ================
> > 2012-11-26:   Researcher Notification & Coordination (Chokri Ben Achour)
> > 2012-11-27:   Vendor Notification (Barracuda Networks Security Team - Bug Bounty Program)
> > 2013-04-03:   Vendor Response/Feedback (Barracuda Networks Security Team - Bug Bounty Program)
> > 2013-05-02:   Vendor Fix/Patch (Barracuda Networks Developer Team) [Coordination: Dave Farrow]
> > 2012-06-00:   Public Disclosure (Vulnerability Laboratory)
> 
> What?
> 
> > Vulnerable Section(s):
> >                               [+] Find Me
> >
> > Vulnerable Module(s):
> >                               [+] Call Forwarding - Add
> >
> > Vulnerable Parameter(s):
> >                               [+] Calling Sequence - Listing
> 
> What?
> 
> Do you hit some "send advisory" button on your web page without checking the
> details? Why don't you just include a PoC?
> 
> ---
> Henri Salo
> 