-----BEGIN PGP SIGNED MESSAGE-----
AUSCERT Security Bulletin
A vulnerability in OpenSSH has been identified in multiple
Blue Coat products.
29 April 2016
AusCERT Security Bulletin Summary
Product: Blue Coat products
Operating System: Network Appliance
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
CVE Names: CVE-2016-3115
Member content until: Sunday, May 29 2016
Multiple Blue Coat products are affected by a vulnerability in OpenSSH:
"Norman Shark Industrial Control System Protection
ICSP 5.3 is vulnerable.
Norman Shark Network Protection
NNP 5.3 is vulnerable.
Norman Shark SCADA Protection
NSP 5.3 is vulnerable.
The following products contain a vulnerable version of OpenSSH, but are
not vulnerable to known vectors of attack:
Advanced Secure Gateway
ASG 6.6 has a vulnerable version of OpenSSH.
Content Analysis System
CAS 1.2 and 1.3 have a vulnerable version of OpenSSH.
Director 6.1 has a vulnerable version of OpenSSH.
Mail Threat Defense
MTD 1.1 prior to 22.214.171.124 has a vulnerable version of OpenSSH.
Malware Analysis Appliance
MAA 4.2 has a vulnerable version of OpenSSH.
MC 1.5 has a vulnerable version of OpenSSH.
PS 9.2 has a vulnerable version of OpenSSH.
Reporter 10.1 has a vulnerable version of OpenSSH. Reporter 9.4 and
9.5 are not vulnerable.
Security Analytics 6.6, 7.0, and 7.1 have a vulnerable version of
SSLV 3.8, 3.8.4FC, and 3.9 have a vulnerable version of OpenSSH.
XOS 9.7, 10.0 and 11.0 have a vulnerable version of OpenSSH." 
The vendor has provided the following information about the
CVE-2016-3115: "Blue Coat products that include vulnerable versions
of OpenSSH and enable X11 forwarding are susceptible to a command
injection vulnerability due to insufficient input data sanitization.
An authenticated remote attacker can exploit this vulnerability to
bypass intended command restrictions enforced by a restricted shell
or the target's SSH configuration. The attacker can also execute
arbitrary commands." 
The vendor recommends upgrading to versions unaffected by the
 SA121: OpenSSH Shell Command Restriction Bypass
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: firstname.lastname@example.org
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----