On Tuesday, October 14, the Google Online Security Blog published details of a vulnerability in the design of SSL version 3.0. The vulnerability allows the plaintext of secure connections to be captured through a man-in-the-middle attack. The vulnerability is being referred to by the codename POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption.
SSL 3.0 is an old protocol that is still supported by all major browsers and websites. The protocol is used by these systems when support for the newer TLS encryption is not available. SSL 3.0 is the only protocol affected by this vulnerability. The best way to protect against this vulnerability is to remove or disable SSL 3.0.
Barracuda solutions use TLS for encrypted communication but have SSL 3.0 available as an option for old clients. Barracuda engineers are currently developing new firmware to eliminate SSL 3.0 support on the administration interfaces. We will deliver the new firmware soon. Barracuda Spam Firewall version 6.1.5.003 addresses this issue and is currently being rolled out worldwide.