===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2016.0048
        A vulnerability in OpenSSH has been identified in multiple
                            Blue Coat products.
                               29 April 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Blue Coat products
Operating System:     Network Appliance
Impact/Access:        Execute Arbitrary Code/Commands -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2016-3115  
Member content until: Sunday, May 29 2016
Reference:            ESB-2016.0670.2

OVERVIEW

        Multiple Blue Coat products are affected by a vulnerability in OpenSSH:
        
        "Norman Shark Industrial Control System Protection
        ICSP 5.3 is vulnerable.
        
        Norman Shark Network Protection
        NNP 5.3 is vulnerable.
        
        Norman Shark SCADA Protection
        NSP 5.3 is vulnerable.
        
        The following products contain a vulnerable version of OpenSSH, but are
        not vulnerable to known vectors of attack:
        
        Advanced Secure Gateway
        ASG 6.6 has a vulnerable version of OpenSSH.
        
        Content Analysis System
        CAS 1.2 and 1.3 have a vulnerable version of OpenSSH.
        
        Director
        Director 6.1 has a vulnerable version of OpenSSH.
        
        Mail Threat Defense
        MTD 1.1 prior to 1.1.2.1 has a vulnerable version of OpenSSH.
        
        Malware Analysis Appliance
        MAA 4.2 has a vulnerable version of OpenSSH.
        
        Management Center
        MC 1.5 has a vulnerable version of OpenSSH.
        
        PacketShaper
        PS 9.2 has a vulnerable version of OpenSSH.
        
        Reporter
        Reporter 10.1 has a vulnerable version of OpenSSH.  Reporter 9.4 and 
        9.5 are not vulnerable.
        
        Security Analytics
        Security Analytics 6.6, 7.0, and 7.1 have a vulnerable version of 
        OpenSSH.
        
        SSL Visibility
        SSLV 3.8, 3.8.4FC, and 3.9 have a vulnerable version of OpenSSH.
        
        X-Series XOS
        XOS 9.7, 10.0 and 11.0 have a vulnerable version of OpenSSH." [1]


IMPACT

        The vendor has provided the following information about the 
        vulnerability:
        
        CVE-2016-3115: "Blue Coat products that include vulnerable versions
        of OpenSSH and enable X11 forwarding are susceptible to a command 
        injection vulnerability due to insufficient input data sanitization.
        An authenticated remote attacker can exploit this vulnerability to 
        bypass intended command restrictions enforced by a restricted shell
        or the target's SSH configuration. The attacker can also execute 
        arbitrary commands." [1]


MITIGATION

        The vendor recommends upgrading to versions unaffected by the 
        vulnerability. [1]


REFERENCES

        [1] SA121: OpenSSH Shell Command Restriction Bypass
            https://bto.bluecoat.com/security-advisory/sa121

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================