-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                              ASB-2014.0045
       A critical vulnerability in OpenSSL has been identified that
                    affects multiple Blue Coat products
                              11 April 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Blue Coat Content Analysis System
                      Blue Coat Malware Analysis Appliance
                      Blue Coat ProxyAV
                      Blue Coat ProxySG
                      Blue Coat SSL Visibility
Operating System:     Network Appliance
Impact/Access:        Access Privileged Data -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-0160
Member content until: Sunday, May 11 2014
Reference:            ASB-2014.0042
                      ESB-2014.0457

OVERVIEW

        A critical vulnerability in OpenSSL has been identified that affects
        multiple Blue Coat products. [1]

IMPACT

        The vendor has provided the following details on the vulnerability:

        "CVE-2014-0160 (VU#720951) is a buffer over-read flaw in the OpenSSL
        implementation of the TLS/DTLS heartbeat functionality. The
        vulnerability is addressed in OpenSSL 1.0.1g. OpenSSL 1.0.1 through
        1.0.1f are vulnerable. Vulnerable versions do not handle the
        heartbeat extension packets properly and will return additional
        information from the server's adjacent process memory to the
        requester.

        Blue Coat products using a vulnerable version of OpenSSL with the
        heartbeat option enabled are vulnerable. This vulnerability only
        applies to products acting as a server in the TLS session.

        An attacker may exploit this flaw to download up to 64 kB of private
        memory from a server. The attacker cannot specify the location of
        the memory to read. The exploit can be employed repeatedly to obtain
        as much information as desired. There is no way to detect that an
        attacker has exploited this vulnerability or to know what portions
        of memory may be provided.

        Memory may contain private keys, symmetric keys, user names,
        passwords, data used by the service, and data from TLS connections.
        An attacker could use this information to become a man-in-the-middle
        for other connections and decrypt traffic previously intercepted. An
        attacker may also use the passwords to impersonate a user or a
        client." [1]

MITIGATION

        The vendor recommends applying the available patch. If a patch for a
        particular Blue Coat product is not yet available, the vendor
        recommends the following mitigation steps:

        "Downgrade to a previous version that is not vulnerable." [1]

        "Restrict access to vulnerable products, especially to administrative
        functionality." [1]

REFERENCES

        [1] April 9, 2014 – OpenSSL heartbeat information disclosure
            (CVE-2014-0160)
            https://kb.bluecoat.com/index?page=content&id=SA79

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may arise
from following or acting on information or advice contained in this security
bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
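The buffer over-read described in the IMPACT section comes down to one missing bounds check: a vulnerable responder trusts the 16-bit payload length in the heartbeat message instead of comparing it against the record it actually received. The C below is an added illustration, not code from the AusCERT bulletin, Blue Coat's advisory or OpenSSL itself: it validates a heartbeat record the way the OpenSSL 1.0.1g fix does and uses a constructed over-claiming record to show the check rejecting it; the function and macro names are assumptions of this example, not OpenSSL's.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* TLS heartbeat message (RFC 6520): type(1) | payload_length(2, big-endian) | payload | padding(>=16).
 * Heartbleed: the responder trusted payload_length and echoed that many bytes back
 * without checking it against the length of the record it had actually received. */
#define HB_REQUEST     1
#define HB_MIN_PADDING 16

/* Validate a received heartbeat record the way the OpenSSL 1.0.1g fix does: return 1 and
 * set *payload_len only if claimed payload + minimum padding fit in the rec_len bytes received. */
int heartbeat_record_ok(const unsigned char *rec, size_t rec_len, uint16_t *payload_len)
{
    if (rec == NULL || rec_len < 1 + 2 + HB_MIN_PADDING) return 0;  /* too short to parse */
    if (rec[0] != HB_REQUEST) return 0;
    uint16_t claimed = (uint16_t)((rec[1] << 8) | rec[2]);
    /* The check the vulnerable versions lacked: 1 + 2 + payload + 16 <= record length. */
    if ((size_t)1 + 2 + claimed + HB_MIN_PADDING > rec_len) return 0;
    *payload_len = claimed;
    return 1;
}

/* Constructed test input: claimed_len is what the length field says, actual_len is how
 * many payload bytes really follow. Returns the record size written, 0 if out is too small. */
size_t build_heartbeat(unsigned char *out, size_t out_cap, uint16_t claimed_len, size_t actual_len)
{
    size_t total = 1 + 2 + actual_len + HB_MIN_PADDING;
    if (total > out_cap) return 0;
    out[0] = HB_REQUEST;
    out[1] = (unsigned char)(claimed_len >> 8);
    out[2] = (unsigned char)(claimed_len & 0xff);
    memset(out + 3, 'A', actual_len);                 /* payload */
    memset(out + 3 + actual_len, 0, HB_MIN_PADDING);  /* padding */
    return total;
}

/* Build a record with the given lengths and report whether the validator accepts it (1) or not (0). */
int check_record(uint16_t claimed_len, size_t actual_len)
{
    unsigned char buf[128];
    uint16_t plen = 0;
    size_t n = build_heartbeat(buf, sizeof buf, claimed_len, actual_len);
    return n != 0 && heartbeat_record_ok(buf, n, &plen);
}
```

check_record(4, 4) returns 1, while check_record(0xffff, 4), a record whose length field claims 64 kB but carries four payload bytes, returns 0; without the check the responder would have read past the four bytes into adjacent process memory.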