===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2014.0045
       A critical vulnerability in OpenSSL has been identified that
                    affects multiple Blue Coat products
                               11 April 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Blue Coat Content Analysis System
                      Blue Coat Malware Analysis Appliance
                      Blue Coat ProxyAV
                      Blue Coat ProxySG
                      Blue Coat SSL Visibility
Operating System:     Network Appliance
Impact/Access:        Access Privileged Data -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-0160  
Member content until: Sunday, May 11 2014
Reference:            ASB-2014.0042
                      ESB-2014.0457

OVERVIEW

        A critical vulnerability in OpenSSL has been identified that affects
        multiple Blue Coat products. [1]


IMPACT

        The vendor has provided the following details on the vulnerability:
        
        "CVE-2014-0160 (VU#720951) is a buffer over-read flaw in the OpenSSL 
        implementation of the TLS/DTLS heartbeat functionality. The 
        vulnerability is addressed in OpenSSL 1.0.1g. OpenSSL 1.0.1 through 
        1.0.1f are vulnerable. Vulnerable versions do not handle the heartbeat 
        extension packets properly and will return additional information from 
        the server's adjacent process memory to the requester.
        
        Blue Coat products using a vulnerable version of OpenSSL with the 
        heartbeat option enabled are vulnerable. This vulnerability only 
        applies to products acting as a server in the TLS session.
        
        An attacker may exploit this flaw to download up to 64 kB of private 
        memory from a server. The attacker cannot specify the location of the 
        memory to read. The exploit can be employed repeatedly to obtain as 
        much information as desired. There is no way to detect that an 
        attacker has exploited this vulnerability or to know what portions of 
        memory may be provided.
        
        Memory may contain private keys, symmetric keys, user names, passwords, 
        data used by the service, and data from TLS connections. An attacker 
        could use this information to become a man-in-the-middle for other 
        connections and decrypt traffic previously intercepted. An attacker 
        may also use the passwords to impersonate a user or a client." [1]

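        The over-read the vendor describes, modelled as an added C example (not
        code from the advisory, Blue Coat or OpenSSL): a heartbeat record is one
        type byte, a two-byte payload length, the payload and at least 16 bytes
        of padding; the unchecked handler copies as many bytes as the sender
        claims, while the fixed handler applies the bounds check OpenSSL 1.0.1g
        added. The "process memory" and the secret behind the record are a
        constructed array, so the over-read stays inside defined storage.

```c
#include <stdint.h>
#include <string.h>

#define TLS1_HB_REQUEST  1
#define TLS1_HB_RESPONSE 2
#define MIN_PADDING      16
#define MEM_SIZE         128

/* Constructed "process memory": a record with a 4-byte payload, then a secret. */
static unsigned char memory[MEM_SIZE];
static const size_t record_len = 3 + 4 + MIN_PADDING;
static const char secret[] = "SECRETKEY";

static void setup(uint16_t claimed_len) {
    memset(memory, 0, sizeof memory);
    memory[0] = TLS1_HB_REQUEST;
    memory[1] = claimed_len >> 8;          /* sender-controlled length field */
    memory[2] = claimed_len & 0xff;
    memcpy(memory + 3, "ping", 4);         /* the payload actually sent */
    memcpy(memory + record_len, secret, sizeof secret); /* adjacent memory */
}

/* Heartbeat response length, 0 if discarded; fixed=1 adds the 1.0.1g check. */
static size_t heartbeat(const unsigned char *rec, size_t rec_len, int fixed,
                        unsigned char *out, size_t out_cap) {
    if (rec[0] != TLS1_HB_REQUEST) return 0;
    uint16_t payload = (uint16_t)(rec[1] << 8 | rec[2]);
    /* 1.0.1g: header + claimed payload + minimum padding must fit the record */
    if (fixed && (size_t)1 + 2 + payload + MIN_PADDING > rec_len) return 0;
    if ((size_t)3 + payload > out_cap) return 0;  /* keeps the model in bounds */
    out[0] = TLS1_HB_RESPONSE;
    out[1] = rec[1]; out[2] = rec[2];     /* echo the claimed length */
    memcpy(out + 3, rec + 3, payload);  /* reads past the record when unchecked */
    return 3 + payload;
}

int response_len(uint16_t claimed_len, int fixed) {
    unsigned char out[MEM_SIZE];
    setup(claimed_len);
    return (int)heartbeat(memory, record_len, fixed, out, sizeof out);
}

/* 1 if the response carries the adjacent secret, 0 otherwise. */
int leaks_secret(uint16_t claimed_len, int fixed) {
    unsigned char out[MEM_SIZE];
    setup(claimed_len);
    size_t n = heartbeat(memory, record_len, fixed, out, sizeof out);
    return n >= record_len + sizeof secret - 1 &&
           memcmp(out + record_len, secret, sizeof secret - 1) == 0;
}
```

        A legitimate 4-byte request is answered identically by both handlers;
        only the oversized length claim is discarded by the fixed one.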

MITIGATION

        The vendor recommends applying the available patch. If a patch for a
        particular Blue Coat product is not yet available, the vendor recommends
        the following mitigation steps:
        
        "Downgrade to a previous version that is not vulnerable." [1]
        "Restrict access to vulnerable products, especially to administrative 
        functionality." [1]


REFERENCES

        [1] April 9, 2014 – OpenSSL heartbeat information disclosure
            (CVE-2014-0160)
            https://kb.bluecoat.com/index?page=content&id=SA79

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================