-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT Security Bulletin ASB-2014.0019
        A vulnerability has been discovered in Bluecoat ProxySG
                              25 February 2014
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Bluecoat ProxySG
Operating System:     Network Appliance
Impact/Access:        Administrator Compromise -- Console/Physical
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-2033
Member content until: Thursday, March 27 2014

OVERVIEW

        A vulnerability has been discovered in Bluecoat ProxySG. Bluecoat
        warns that "Locally defined users on the ProxySG appliance who have
        been deleted or whose passwords have been changed can continue to
        log in to appliance for a brief period of time." [1]

IMPACT

        The vendor provides the following information regarding the impact
        of this vulnerability:

        "SGOS supports multiple types of authentication realms for
        authenticating administrative and proxy users. Most authentication
        realms use remote authentication databases. Locally defined users
        and user lists are in the local authentication realm. The local
        authentication realm is typically used for administrative and
        console access, but can be used for proxy users as well.

        When local users change their password, are deleted, or are removed
        from or added to a user list, changes may take up to 15 minutes to
        take effect due to caching. If another password-related event (such
        as a correct login with the new password or a rejected login due to
        incorrect password) occurs, the time for changes to take effect may
        be shorter.

        An attacker who knows the account password can exploit this gap to
        gain unauthorized administrative access through the Management
        Console, or the SSH or serial console if the local realm is used
        for console access. A deleted user would continue to have network
        access for up to 15 minutes." [1]

MITIGATION

        The vendor has provided the following information regarding patches:

        "ProxySG 6.5 – A fix is available in the 6.5.1.4 and in 6.5.4 and
                       later.
         ProxySG 6.4 – A fix is available in 6.4.6.2 and later.
         ProxySG 6.3 – Please upgrade to a later version.
         ProxySG 6.2 – A fix is available in 6.2.15.4 and later.
         ProxySG 6.1 – A fix is not yet available as of 6.1.6.3.
         ProxySG 5.5 – A fix is not yet available as of 5.5.11.3.
         ProxySG 5.4 and earlier – Please upgrade to a later version." [1]

REFERENCES

        [1] February 18, 2014 – Changes to ProxySG local users are delayed
            https://kb.bluecoat.com/index?page=content&id=SA77&actp=RSS

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUwwWfBLndAQH1ShLAQLBbBAApqsbs5K2PTK0Fu4XYTEwQyueCfXdwZfY
TFlfezDnNi8lj0i7Ce1pC5PrpiusxKSN2PQ/UDD3SlgKQCKYhbz5IOSUDtFWAWX1
ahX/uY45CNtx2AUoU3TS2ZUsdmLlDaaGQ+7WNsnZxCNKg5SXAVxmNoEae/ZFfKxB
IPAFjwmstHwWJThu25dBoIxxyi3yEO+Z6UC33DGaQemHHtVqOOd9nUIGqQ7xKJzp
y4gvxDSLQ9KRGTE/0tqJu6hSpOiCnC06U6d/vSQ4rAprZ24GOo2Xe1Zc6IWMilRa
RuRafgffPaqgZlAiFGiKkLYkoUqlfddYd+vn3MwFLWACwfw38VyKZy0wpUJ8b4/g
7g+JDgWf8/DfuyYZFSil45GWbSjwHUiqL32P+zaZF3B2OlzvtoH6ZG3NiTFW8Gy8
Xt8F6HTLz+REsfFSvv+Gjns4Z67h9JFBuO94+qpcG1qxJ99IDD+t2QUYaR8huzgS
bGLv153ALWe2Rtmx9YgAOucE9IMvN42LIe6AFem9mxfJsXrUOIutpQnbWA1+Umna
SYXB3MqBbE2MpQ/lJZLO48u/T6PPBpAxJMP1ZCjGMm53jFZLdRSVYLDPWD5vjifl
uNVEQlEK+x3OkPULeyGrIjsZ6ZP/45wSjNYmSLdTc+q4q3ppVIm6aj8n36gLVK7J
SEyHKTolcSs=
=WQoG
-----END PGP SIGNATURE-----
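The IMPACT section above describes a stale credential cache: a positive authentication verdict is kept for up to 15 minutes, so a deleted local user, or a user whose password was changed, keeps logging in until the cached entry expires. The following is an added illustration of that failure mode and one way to close it; it is constructed for this page and is not Blue Coat SGOS code, and the class and function names, the PBKDF2 user store, the fake clock and the sample credentials are all assumptions. The vulnerable authenticator trusts any unexpired cached verdict; the fixed one stamps each cached verdict with the user record's generation counter and re-verifies against the store whenever the record has changed since, so password changes, deletions and user-list edits take effect on the next login attempt. The advisory's note that another password-related event can shorten the window is not modelled.

```python
import hashlib
import hmac
import os

# Constructed model of the advisory's failure mode (not Blue Coat SGOS code).
CACHE_TTL = 15 * 60  # the "up to 15 minutes" from the advisory


class UserStore:
    """Minimal local realm: salted PBKDF2 digests plus a per-user generation
    counter that advances on every change to that user's record."""

    def __init__(self):
        self._users = {}  # name -> (salt, digest)
        self._gen = {}    # name -> generation

    @staticmethod
    def _digest(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

    def _bump(self, name):
        self._gen[name] = self._gen.get(name, 0) + 1

    def add(self, name, password):
        salt = os.urandom(16)
        self._users[name] = (salt, self._digest(salt, password))
        self._bump(name)

    def set_password(self, name, password):
        self.add(name, password)  # fresh salt and digest, new generation

    def delete(self, name):
        self._users.pop(name, None)
        self._bump(name)  # generation still moves, so cached verdicts go stale

    def generation(self, name):
        return self._gen.get(name, 0)

    def verify(self, name, password):
        rec = self._users.get(name)
        if rec is None:
            return False
        salt, digest = rec
        return hmac.compare_digest(digest, self._digest(salt, password))


class FakeClock:
    """Deterministic clock so the TTL can be advanced explicitly."""

    def __init__(self):
        self.now = 0.0

    def advance(self, seconds):
        self.now += seconds

    def __call__(self):
        return self.now


class CachingAuthenticator:
    """VULNERABLE: an unexpired cached verdict is honoured whatever has
    happened to the user record in the meantime."""

    def __init__(self, store, clock, ttl=CACHE_TTL):
        self.store, self.clock, self.ttl = store, clock, ttl
        self._mac_key = os.urandom(32)  # cache keys are keyed hashes, not raw passwords
        self._cache = {}  # (name, mac) -> (expiry, store generation at verification)

    def _key(self, name, password):
        return (name, hmac.new(self._mac_key, password.encode(), "sha256").hexdigest())

    def _fresh(self, name, entry):
        return True  # never re-checks the store: this is the bug

    def login(self, name, password):
        key = self._key(name, password)
        entry = self._cache.get(key)
        if entry is not None and entry[0] > self.clock() and self._fresh(name, entry):
            return True
        self._cache.pop(key, None)  # expired or stale: drop it and ask the store
        ok = self.store.verify(name, password)
        if ok:
            self._cache[key] = (self.clock() + self.ttl, self.store.generation(name))
        return ok


class GenerationCheckedAuthenticator(CachingAuthenticator):
    """FIXED: a cached verdict is valid only for the record generation it was
    computed against, so any change to the user forces re-verification."""

    def _fresh(self, name, entry):
        return entry[1] == self.store.generation(name)


def demo():
    """Run both authenticators through the advisory's scenario; returns the verdicts."""
    clock, store, results = FakeClock(), UserStore(), {}
    for label, cls in (("vulnerable", CachingAuthenticator),
                       ("fixed", GenerationCheckedAuthenticator)):
        store.add("admin", "old-password")
        auth = cls(store, clock)
        r = {"primed": auth.login("admin", "old-password")}  # correct login fills the cache
        store.set_password("admin", "new-password")           # operator rotates the password
        r["old_pw_after_change"] = auth.login("admin", "old-password")
        r["new_pw_after_change"] = auth.login("admin", "new-password")
        store.delete("admin")                                 # operator deletes the account
        r["new_pw_after_delete"] = auth.login("admin", "new-password")
        clock.advance(CACHE_TTL)                              # 15 minutes pass
        r["old_pw_after_ttl"] = auth.login("admin", "old-password")
        results[label] = r
    return results


if __name__ == "__main__":
    for label, verdicts in demo().items():
        print(label, verdicts)
```

In the vulnerable run the old password is still accepted after the change and the deleted account still logs in, both until the TTL lapses; in the fixed run both are rejected on the very next attempt while a correct login with the new password still succeeds. Evicting a user's cache entries directly from `add`, `set_password` and `delete` is an equally valid fix; the generation check is used here because it also covers changes that happen outside the authenticator's view, such as user-list membership edits.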