===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2014.0068
  Multiple Blue Coat products are affected by vulnerabilities in OpenSSL
                               11 June 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              CacheFlow
                      Content Analysis System
                      Director
                      IntelligenceCenter
                      Malware Analysis Appliance / Malware Analyzer G2
                      ProxyAV
                      ProxySG
                      Security Analytics Platform
                      SSL Visibility
                      Unified Agent / Client Connector
Operating System:     Network Appliance
                      Windows
                      Linux variants
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Access Privileged Data          -- Remote/Unauthenticated
                      Denial of Service               -- Remote/Unauthenticated
                      Provide Misleading Information  -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-0224 CVE-2014-0221 CVE-2014-0195
                      CVE-2014-0198 CVE-2010-5298 CVE-2014-3470
Member content until: Friday, July 11 2014

OVERVIEW

        Multiple Blue Coat products are affected by vulnerabilities in OpenSSL.


IMPACT

        Blue Coat warns that "Blue Coat products using affected versions of
        OpenSSL 0.9.8, 1.0.0, and 1.0.1 are vulnerable to one or more 
        vulnerabilities in OpenSSL. A remote attacker may exploit these 
        vulnerabilities on clients or servers to become a man-in-the-middle,
        execute arbitrary code, inject data into sessions, or cause a 
        denial-of-service." [1]


MITIGATION

        The vendor has provided the following information regarding patches:
        
        "The following products are vulnerable to one or more of these 
        vulnerabilities:
        
        CacheFlow
        
        CacheFlow 2.x and 3.x are vulnerable.
        
        Content Analysis System
        
        CAS 1.1.1.1 through 1.1.5.3 are vulnerable.
        
        Director
        
        Director 5.x and 6.x are vulnerable.
        
        IntelligenceCenter
        
        IC 3.2 is vulnerable.
        
        Malware Analysis Appliance / Malware Analyzer G2
        
        MAA 1.1 and 4.1.1 are vulnerable. MAG2 3.5 is vulnerable.
        
        ProxyAV
        
        ProxyAV 3.4 and 3.5 are vulnerable.
        
        ProxySG
        
        SGOS 6.x and 5.x are vulnerable.
        
        Security Analytics Platform
        
        SA 6.x and 7.x are vulnerable.
        
        SSL Visibility
        
        SSLV 3.6 and 3.7 are vulnerable.
        
        Unified Agent / Client Connector
        
        UA for Windows and OSX 4.1 is vulnerable.
        
        UA for Linux and IBM 1.1 is vulnerable.
        
        Client Connector 1.x is vulnerable.
        
        The following products are not vulnerable:
        
        Android Mobile Agent
        
        PacketShaper
        
        PacketShaper S-Series
        
        PolicyCenter
        
        ProxyClient
        
        Reporter
        
        X-Series
        
        The following products are still under investigation:
        
        DLP" [1]


REFERENCES

        [1] June 6, 2014 - OpenSSL Security Advisory 05-Jun-2014
            https://kb.bluecoat.com/index?page=content&id=SA80&pmv=print&impressions=false

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================