-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                              ASB-2015.0007.3
  Multiple vulnerabilities identified in Blue Coat products using OpenSSL
                              23 January 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Blue Coat Director
                      Blue Coat Management Center
                      Blue Coat Malware Analysis Appliance
                      Blue Coat Malware Analyzer G2
                      Blue Coat Norman Shark Industrial Control System Protection
                      Blue Coat Norman Shark Network Protection
                      Blue Coat Norman Shark SCADA Protection
                      Blue Coat ProxyAV
                      Blue Coat ProxySG
                      Blue Coat Security Analytics Platform
                      Blue Coat SSL Visibility
                      Blue Coat X-Series XOS
                      Blue Coat Content Analysis System
Operating System:     Network Appliance
                      VMware ESX Server
                      Windows
                      Linux variants
Impact/Access:        Access Privileged Data -- Remote/Unauthenticated
                      Modify Arbitrary Files -- Remote/Unauthenticated
                      Denial of Service      -- Remote/Unauthenticated
                      Reduced Security       -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-5139 CVE-2014-3568 CVE-2014-3567
                      CVE-2014-3513 CVE-2014-3512 CVE-2014-3511
                      CVE-2014-3510 CVE-2014-3509 CVE-2014-3508
                      CVE-2014-3507 CVE-2014-3506 CVE-2014-3505
                      CVE-2014-2506  
Member content until: Wednesday, February 18 2015

Revision History:     January 23 2015: Corrected product tag
                      January 23 2015: Added product Blue Coat Content Analysis System
                      January 19 2015: Initial Release

OVERVIEW

        Multiple vulnerabilities have been identified in Blue Coat products
        using OpenSSL versions 0.9.8, 1.0.0 and 1.0.1.
        
        Blue Coat advises "A remote attacker may exploit these 
        vulnerabilities to downgrade to TLS v1.0, leak information, write 
        arbitrary data to memory, cause a buffer overflow, or cause a 
        denial-of-service" [1] and "A remote attacker may exploit these 
        vulnerabilities to allow remote attackers to cause a denial of 
        service due to memory consumption, or to downgrade to an SSL v3 
        handshake". [2]


IMPACT

        Blue Coat provides the following details regarding the 
        vulnerabilities:
        
        "CVE-2014-3505 is a flaw in the DTLS implementation that allows an 
        attacker to force memory to be freed twice, resulting in a crash.
        
        CVE-2014-3506 is a flaw in the DTLS implementation that allows an 
        attacker to use large amounts of memory, resulting in slowdowns 
        and/or a crash.
        
        CVE-2014-3507 is a flaw in the DTLS implementation that allows an 
        attacker to leak memory, resulting in slowdowns and/or a crash.
        
        CVE-2014-3508 allows an attacker to obtain information from the 
        stack if pretty printing output is echoed to the attacker.
        
        CVE-2014-3509 allows a malicious server to crash or overwrite memory
        by sending Elliptic Curve Supported Point Formats Extension data.
        
        CVE-2014-3510 is a flaw in the DTLS client implementation that 
        allows an attacking server to send data that will result in a crash
        due to a null pointer.
        
        CVE-2014-3511 is a flaw in the SSL/TLS server implementation that 
        allows an attacking client to force a downgrade to the TLS 1.0 
        protocol even if higher protocol versions are supported by the 
        client and server.
        
        CVE-2014-3512 is a flaw in the SRP implementation that allows a 
        malicious client or server to send invalid parameters that will 
        result in a buffer overflow.
        
        CVE-2014-5139 allows a malicious server to crash a client by 
        specifying an SRP ciphersuite, even if the ciphersuite was not 
        negotiated with the client". [1]
        
        "CVE-2014-3513 is a flaw in the DTLS SRTP implementation that allows
        an attacker to cause a denial-of-service due to memory consumption.
        
        CVE-2014-3567 is a flaw in the implementation of session tickets 
        that allows an attacker to cause a denial-of-service due to memory 
        consumption.
        
        CVE-2014-3568 allows an attacker to force clients and servers to 
        downgrade to SSL v3, even if the version of OpenSSL was built such 
        that SSL v3 should not be allowed." [2]


MITIGATION

        Blue Coat has provided the following fixes which address 
        CVE-2014-3505, CVE-2014-2506, CVE-2014-3507, CVE-2014-3508, 
        CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512 and 
        CVE-2014-5139:
        
          Product                      Affected version   Fix

          Malware Analysis Appliance   MAA 4.1.x          4.1.4

          ProxySG                      SGOS 6.2.x         6.2.16.1
                                       SGOS 6.5.x         6.5.2.10

          Security Analytics Platform  SA 7.1.x           7.1.5

          SSL Visibility               SSLV 3.7           3.7.4

          Content Analysis System      CAS 1.1            1.1.5.5 [1]
        
        Blue Coat has also provided fixes which address CVE-2014-3513, 
        CVE-2014-3567 and CVE-2014-3568:
        	
          Product                      Affected version   Fix

          Malware Analysis Appliance   MAA 4.x            4.2.1

          Management Center            MC 1.x             1.2

          Content Analysis System      CAS 1.1            1.2.3.1 [2]
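        The following is an added example, not part of this AusCERT bulletin
        and not a Blue Coat tool: it encodes the two fix tables above and
        reports, for a product and its running build, which of the fixes from
        advisories [1] and [2] that build still lacks. It assumes dotted
        numeric version strings and treats a trailing "x" in an affected
        branch as a wildcard.

```python
import re

# Fix tables transcribed from the MITIGATION section of this bulletin:
# (product, affected branch, first fixed version, bulletin reference).
FIXES = [
    ("Malware Analysis Appliance",  "4.1.x", "4.1.4",    "[1]"),
    ("ProxySG",                     "6.2.x", "6.2.16.1", "[1]"),
    ("ProxySG",                     "6.5.x", "6.5.2.10", "[1]"),
    ("Security Analytics Platform", "7.1.x", "7.1.5",    "[1]"),
    ("SSL Visibility",              "3.7",   "3.7.4",    "[1]"),
    ("Content Analysis System",     "1.1",   "1.1.5.5",  "[1]"),
    ("Malware Analysis Appliance",  "4.x",   "4.2.1",    "[2]"),
    ("Management Center",           "1.x",   "1.2",      "[2]"),
    ("Content Analysis System",     "1.1",   "1.2.3.1",  "[2]"),
]


def parse_version(text):
    """'6.2.16.1' -> (6, 2, 16, 1). A trailing build tag such as
    '6.5.2.10 Build 1234' (assumed format) is ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError("unparseable version: %r" % text)
    return tuple(int(p) for p in m.group(1).split("."))


def in_branch(version, branch):
    """'6.2.x' and '6.2' both cover every build starting 6.2; '4.x' covers 4.*."""
    prefix = parse_version(branch.replace(".x", ""))
    return version[: len(prefix)] == prefix


def outstanding_fixes(product, running):
    """Return [(reference, fix_version), ...] for every bulletin row that applies
    to this build and whose fix it has not reached; [] when all listed fixes are
    present; None when the bulletin lists no row for this product/branch at all
    (so 'not listed' is never mistaken for 'patched')."""
    ver = parse_version(running)
    applicable = [row for row in FIXES if row[0] == product and in_branch(ver, row[1])]
    if not applicable:
        return None
    return [(ref, fixed) for _, _, fixed, ref in applicable
            if ver < parse_version(fixed)]


if __name__ == "__main__":
    # Constructed inventory entries, not real hosts.
    for product, build in [("ProxySG", "6.2.15.3"), ("Malware Analysis Appliance", "4.1.4")]:
        print(product, build, "->", outstanding_fixes(product, build))
```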


REFERENCES

        [1] OpenSSL Security Advisory 06-Aug-2014
            https://bto.bluecoat.com/security-advisory/sa85

        [2] OpenSSL Security Advisory 15-Oct-2014
            https://bto.bluecoat.com/security-advisory/sa87

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----