-----BEGIN PGP SIGNED MESSAGE-----
AUSCERT Security Bulletin
A vulnerability has been discovered in Bluecoat ProxySG
25 February 2014
AusCERT Security Bulletin Summary
Product: Bluecoat ProxySG
Operating System: Network Appliance
Impact/Access: Administrator Compromise -- Console/Physical
CVE Names: CVE-2014-2033
Member content until: Thursday, March 27 2014
A vulnerability has been discovered in Bluecoat ProxySG. Bluecoat warns
that "Locally defined users on the ProxySG appliance who have been
deleted or whose passwords have been changed can continue to log in to
appliance for a brief period of time." 
The vendor provides the following information regarding the impact of
"SGOS supports multiple types of authentication realms for
authenticating administrative and proxy users. Most authentication
realms use remote authentication databases. Locally defined users and
user lists are in the local authentication realm. The local
authentication realm is typically used for administrative and console
access, but can be used for proxy users as well.
When local users change their password, are deleted, or are removed
from or added to a user list, changes may take up to 15 minutes to
take effect due to caching. If another password-related event (such
as a correct login with the new password or a rejected login due to
incorrect password) occurs, the time for changes to take effect may
An attacker who knows the account password can exploit this gap to
gain unauthorized administrative access through the Management
Console, or the SSH or serial console if the local realm is used for
console access. A deleted user would continue to have network access
for up to 15 minutes." 
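The failure mode the vendor describes is a credential cache that keeps returning its last verdict until a fixed TTL runs out, regardless of changes to the underlying user store. The following is an added example written for this bulletin, not Bluecoat or AusCERT code, and the class, method and credential names in it are constructed. It models a local realm with a TTL cache of verification results and shows, side by side, the uncorrected behaviour (an old password or a deleted user still authenticates inside the TTL window) and the usual fix, which is to drop the cached entries for a user whenever that user's record changes:

```python
"""
Added example (not Bluecoat/AusCERT code): a toy local authentication realm
with a TTL cache of verification results. It reproduces the behaviour the
advisory describes and shows the cache-invalidation fix. All names and values
are constructed for illustration.
"""
import hashlib
import hmac
import os
import time

CACHE_TTL_SECONDS = 15 * 60  # the "up to 15 minutes" figure from the advisory


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LocalRealm:
    """User store plus a verdict cache keyed on (username, password fingerprint)."""

    def __init__(self, invalidate_on_change: bool, clock=time.monotonic):
        self._users = {}            # username -> (salt, pbkdf2 hash)
        self._cache = {}            # (username, fingerprint) -> (verdict, expiry)
        self._invalidate_on_change = invalidate_on_change
        self._clock = clock
        # per-instance secret so cache keys leak nothing about passwords
        self._fp_key = os.urandom(32)

    # --- administrative operations ---------------------------------------
    def add_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, _hash_password(password, salt))
        self._on_change(username)

    def set_password(self, username: str, password: str) -> None:
        self.add_user(username, password)   # same path: fresh salt and hash

    def delete_user(self, username: str) -> None:
        self._users.pop(username, None)
        self._on_change(username)

    def _on_change(self, username: str) -> None:
        # The fix: any change to a user's record evicts that user's cached
        # verdicts immediately instead of waiting for the TTL to expire.
        if self._invalidate_on_change:
            for key in [k for k in self._cache if k[0] == username]:
                del self._cache[key]

    # --- authentication --------------------------------------------------
    def authenticate(self, username: str, password: str) -> bool:
        fp = hmac.new(self._fp_key, password.encode(), "sha256").hexdigest()
        key = (username, fp)
        now = self._clock()
        cached = self._cache.get(key)
        if cached is not None and cached[1] > now:
            return cached[0]     # without invalidation this verdict may be stale
        record = self._users.get(username)
        if record is None:
            verdict = False
        else:
            salt, stored = record
            verdict = hmac.compare_digest(_hash_password(password, salt), stored)
        self._cache[key] = (verdict, now + CACHE_TTL_SECONDS)
        return verdict


def demo(invalidate_on_change: bool) -> dict:
    """Run the advisory's three scenarios against a realm with a fake clock."""
    t = [0.0]
    realm = LocalRealm(invalidate_on_change, clock=lambda: t[0])
    realm.add_user("admin", "old-secret")            # constructed credentials
    realm.authenticate("admin", "old-secret")         # primes a True verdict
    realm.set_password("admin", "new-secret")
    old_pw_after_change = realm.authenticate("admin", "old-secret")
    realm.authenticate("admin", "new-secret")         # primes the new verdict
    realm.delete_user("admin")
    deleted_within_ttl = realm.authenticate("admin", "new-secret")
    t[0] += CACHE_TTL_SECONDS + 1                     # let the cache expire
    deleted_after_ttl = realm.authenticate("admin", "new-secret")
    return {
        "old_password_after_change": old_pw_after_change,
        "deleted_user_within_ttl": deleted_within_ttl,
        "deleted_user_after_ttl": deleted_after_ttl,
    }


if __name__ == "__main__":
    print("TTL cache only:      ", demo(invalidate_on_change=False))
    print("invalidate on change:", demo(invalidate_on_change=True))
```

With `invalidate_on_change=False` the old password still works after a change and the deleted account still logs in until the TTL lapses, which is exactly the window the advisory describes; with it enabled both are refused immediately. The same pattern applies to any authentication or authorization cache: tie eviction to writes on the user store, and treat the TTL only as a bound on how long a missed eviction can matter.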
The vendor has provided the following information regarding patches:
"ProxySG 6.5 – A fix is available in the 188.8.131.52 and in 6.5.4 and later.
ProxySG 6.4 – A fix is available in 184.108.40.206 and later.
ProxySG 6.3 – Please upgrade to a later version.
ProxySG 6.2 – A fix is available in 220.127.116.11 and later.
ProxySG 6.1 – A fix is not yet available as of 18.104.22.168.
ProxySG 5.5 – A fix is not yet available as of 22.214.171.124.
ProxySG 5.4 and earlier – Please upgrade to a later version."
February 18, 2014 – Changes to ProxySG local users are delayed
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: firstname.lastname@example.org
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----