-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2016.3085.2
       SA133: SWEET32 Birthday Attack against DES, 3DES, and Blowfish
                               10 April 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Bluecoat products
Publisher:         Bluecoat Advisory
Operating System:  Network Appliance
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
Resolution:        Mitigation
CVE Names:         CVE-2016-2183
Reference:         ASB-2016.0120
                   ASB-2016.0095
                   ESB-2016.3077
                   ESB-2016.3062

Original Bulletin:
   https://bto.bluecoat.com/security-advisory/sa133

Revision History:  April 10 2018: Update from vendor: A fix to disable 3DES for SMTP alerts in SSLV 3.9 is available in 3.9.7.1
                   December 23 2016: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

SA133 : Sweet32 Birthday Attack against DES, 3DES, and Blowfish

Security Advisory ID: SA133
Published Date: Dec 22, 2016
Advisory Status: Interim
Advisory Severity: Medium
CVSS v2 base score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE Number: CVE-2016-2183 - 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
            CVE-2016-6329 - 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Blue Coat products that use the DES, 3DES, and Blowfish symmetric encryption ciphers in long-lived encrypted SSL/TLS, SSH, or VPN connections are susceptible to the Sweet32 birthday attack. A remote attacker with the ability to observe a long-lived encrypted connection can obtain plaintext, such as authentication credentials, without knowing the secret encryption key.

Affected Products:

The following products are vulnerable:

Advanced Secure Gateway
ASG 6.6 enables 3DES and Blowfish by default for the SSH management console. ASG 6.6 also enables 3DES by default for the HTTPS management console, SSL reverse proxy, and SSL device profiles.
ASG 6.6 also enables DES and 3DES by default for the SSL forward proxy. See Workarounds section for instructions to disable the insecure ciphers for these interfaces. ASG 6.6 also enables 3DES by default for connections to Blue Coat, Malware Analysis, and Lastline. 3DES cannot be disabled.
ASG 6.7 disables 3DES and Blowfish by default for the SSH management console. It also disables 3DES by default for the HTTPS management console, SSL reverse proxy, and SSL device profiles. ASG 6.7 also enables DES and 3DES by default for the SSL forward proxy. See Workarounds section for instructions to disable the insecure ciphers for these interfaces. ASG 6.7 also enables 3DES by default for connections to Blue Coat, Malware Analysis, and Lastline. 3DES cannot be disabled.

BCAAA
BCAAA 6.1 enables DES and 3DES for LDAPS connections for Novell SSO realm authentication. DES and 3DES cannot be disabled.

CacheFlow
CacheFlow 3.4 enables 3DES and Blowfish for the SSH management console. They cannot be disabled. CacheFlow 3.4 also enables 3DES by default for the HTTPS management console. It also enables DES and 3DES by default for SSL device profiles. See Workarounds section for instructions to disable DES and 3DES for the SSL interfaces.

Client Connector
Client Connector 1.6 enables DES and 3DES for SSL connections to Cloud. The connections are short-lived and do not contain a sufficient amount of encrypted plaintext to exploit CVE-2016-2183. DES and 3DES can be disabled for Client Connector on Windows. See Workarounds section for instructions.

Cloud Data Protection for Salesforce
CDP-SFDC 2.5, 4.6, and 4.7 enable 3DES by default for all SSL interfaces. CDP-SFDC 4.9, 4.10, and 4.12 disable 3DES by default in newly initialized systems. See Workarounds section for instructions to ensure that 3DES is disabled.

Cloud Data Protection for Salesforce Analytics
CDP-WAVE 4.7 enables 3DES by default for all SSL interfaces.
CDP-WAVE 4.9 and 4.10 disable 3DES by default in newly initialized systems. See Workarounds section for instructions to ensure that 3DES is disabled.

Cloud Data Protection for ServiceNow
CDP-SNOW 4.6 and 4.7 enable 3DES by default for all SSL interfaces. CDP-SNOW 4.9, 4.10, and 4.12 disable 3DES by default in newly initialized systems. See Workarounds section for instructions to ensure that 3DES is disabled.

Cloud Data Protection Communication Server
CDP-COMMSVR 2.4, 2.5, 4.6, and 4.7 enable 3DES by default for all SSL interfaces. CDP-COMMSVR 4.9, 4.10, and 4.12 disable 3DES by default for newly initialized systems. See Workarounds section for instructions to ensure that 3DES is disabled.

Cloud Data Protection Integration Server
CDP-INTSVR 4.6, 4.7, and 4.8 enable 3DES by default for all SSL interfaces. CDP-INTSVR 4.9, 4.10, and 4.12 disable 3DES by default for newly initialized systems. See Workarounds section for instructions to ensure that 3DES is disabled.

Cloud Data Protection Policy Builder
CDP-PBUILDER 4.6 and 4.7 enable 3DES by default for all SSL interfaces. CDP-PBUILDER 4.9 and 4.10 disable 3DES by default for newly initialized systems. See Workarounds section for instructions to ensure that 3DES is disabled.

Content Analysis System
CAS 1.3 enables 3DES for the HTTPS management console, SSH management CLI, SSH connections to FireEye AX, SFTP connections to Reporter, and LDAPS connections. It also enables 3DES for SSL connections to Blue Coat, Malware Analysis, and Lastline. 3DES cannot be disabled for those interfaces. CAS 1.3 also enables 3DES by default for the secure ICAP server. See Workarounds section for instructions to disable 3DES for the secure ICAP server.
CAS 2.1 and 2.2 enable 3DES for SSL connections to Blue Coat, Malware Analysis, and Lastline. 3DES cannot be disabled for those interfaces. CAS 2.1 and 2.2 disable 3DES by default for the secure ICAP server.

Director
Director 6.1 enables 3DES for the SSH CLI, SSH connections to ProxySG, SSH connections to other Director appliances, SSL connections to Blue Coat, and SSL connections for software update downloads. 3DES cannot be disabled.

IntelligenceCenter
IC 3.3 enables DES and 3DES for the web UI, SSL connections from and to IntelligenceCenter Data Collector, and SSL connections to PacketShaper. DES and 3DES cannot be disabled.

IntelligenceCenter Data Collector
DC 3.3 enables DES and 3DES for the web UI, SSL connections from and to IntelligenceCenter, and SSL connections to PacketShaper. DES and 3DES cannot be disabled.

Malware Analysis Appliance
MAA 4.2 enables 3DES by default for the management CLI and SSL connections to Blue Coat. It cannot be disabled. 3DES is disabled by default for the management web UI.

Mail Threat Defense
MTD 1.1 enables 3DES for the HTTPS management console, SSH management CLI, SSH connections to FireEye AX, SFTP connections to Reporter, and LDAPS connections. It also enables 3DES for SSL connections to Blue Coat, Malware Analysis, and Lastline. 3DES cannot be disabled for those interfaces.

Management Center
MC 1.7 and 1.8 enable 3DES for the management CLI, SSH failover connections, and SSL connections to Blue Coat. MC 1.9 enables 3DES for SSL connections to Blue Coat. 3DES cannot be disabled. MC 1.10 and later releases are not vulnerable.

Norman Shark Industrial Control System Protection
ICSP 5.3 enables 3DES and Blowfish by default for the management CLI. It also enables 3DES by default for the web UI. See Workarounds section for instructions to disable them.

Norman Shark Network Protection
NNP 5.3 enables 3DES and Blowfish by default for the management CLI. It also enables 3DES by default for the web UI. See Workarounds section for instructions to disable them.

Norman Shark SCADA Protection
NSP 5.3 enables 3DES and Blowfish by default for the management CLI. It also enables 3DES by default for the web UI.
See Workarounds section for instructions to disable them.

PacketShaper
PS 9.2 prior to 9.2.13p2 enables DES and 3DES for the management CLI and all SSL interfaces. 3DES cannot be disabled.

PacketShaper S-Series
PS S-Series 11.5, 11.6, 11.7, 11.8, and 11.9 enable 3DES for SSL connections to Blue Coat and LDAPS connections to PolicyCenter S-Series. PS S-Series 11.5, 11.6, and 11.7 also enable 3DES for the management CLI. 3DES cannot be disabled for those interfaces. PS S-Series 11.5, 11.6, 11.7, 11.8, and 11.9 disable 3DES by default for the web UI. See Workarounds section for instructions to ensure that 3DES is disabled for the web UI.

PolicyCenter
PC 9.2 prior to 9.2.13p2 enables DES and 3DES for the management CLI and all SSL interfaces. 3DES cannot be disabled.

PolicyCenter S-Series
PC S-Series 1.1 enables 3DES for the management CLI and SSL connections to Blue Coat. PC S-Series 1.1 prior to 1.1.2.2 also enables 3DES for the LDAPS server. 3DES cannot be disabled for those interfaces. It disables 3DES by default for the web UI. See Workarounds section for instructions to ensure that 3DES is disabled for the web UI.

ProxyAV
ProxyAV 3.5 enables 3DES for the HTTPS management console, secure ICAP server, and SSL client connections. See Workarounds section for instructions to disable 3DES.

ProxyClient
ProxyClient 3.4 enables DES and 3DES for SSL connections to Cloud. The connections are short-lived and do not contain a sufficient amount of encrypted plaintext to exploit CVE-2016-2183. DES and 3DES can be disabled for ProxyClient on Windows. See Workarounds section for instructions.

ProxySG
ProxySG 6.5 and 6.6 enable 3DES and Blowfish by default for the SSH management console. They also enable 3DES by default for the HTTPS management console, SSL reverse proxy, and SSL device profiles. ProxySG 6.7 disables 3DES and Blowfish by default for the HTTPS management console in newly initialized systems.
It also disables DES and 3DES by default for the HTTPS management console, SSL reverse proxy, and SSL device profiles in newly initialized systems. All versions of ProxySG enable DES and 3DES for the SSL forward proxy. See Workarounds section for instructions to disable the insecure ciphers for all interfaces.

Reporter
Reporter 9.4 and 9.5 prior to 9.5.3.5 enable 3DES for the HTTPS management console. Reporter 9.4 and 9.5 also enable 3DES for LDAPS client connections. 3DES can be disabled for both interfaces. See Workarounds section for instructions.
Reporter 10.1 enables 3DES for the HTTPS management console, FTPS server, and LDAPS client connections. Reporter 10.1 prior to 10.1.5.4 also enables 3DES for the SSH management CLI and SSL connections to Blue Coat. 3DES cannot be disabled.

SSL Visibility
SSLV 3.8.4FC, 3.9, 3.10, 3.11 prior to 3.11.4.1, and 4.0 enable 3DES for Host Categorization database downloads. SSLV 3.8.4FC, 3.9 prior to 3.9.7.1, and 3.10 prior to 3.10.2.1 enable 3DES for SMTP alerts. SSLV 4.0 enables 3DES for SSL connections to Blue Coat. 3DES cannot be disabled. SSLV 3.12 and 4.1 and later releases are not vulnerable.

Unified Agent
UA 4.1, 4.6, and 4.7 enable DES and 3DES for SSL connections to ProxySG and Cloud. The connections are short-lived and do not contain a sufficient amount of encrypted plaintext to exploit CVE-2016-2183. DES and 3DES can be disabled for Unified Agent on Windows. See Workarounds section for instructions. UA 4.8 is not vulnerable.

X-Series XOS
XOS 9.7, 10.0, and 11.0 enable 3DES by default for the management web UI and CLI.

The following products are not vulnerable:
Android Mobile Agent
AuthConnector
Blue Coat HSM Agent for the Luna SP
Cloud Data Protection for Oracle Sales Cloud
General Auth Connector Login Application
K9
ProxyAV ConLog and ConLogXP

The following products are under investigation:
Security Analytics

Blue Coat no longer provides vulnerability information for the following products:

DLP
Please contact Digital Guardian technical support regarding vulnerability information for DLP.

Advisory Details:

Blue Coat products that support DES, 3DES, or Blowfish block symmetric encryption ciphers in long-lived SSL/TLS, SSH, and VPN connections are vulnerable to the Sweet32 birthday attack. CVE-2016-6329 identifies the Sweet32 attack against OpenVPN implementations that use the Blowfish cipher. CVE-2016-2183 identifies the Sweet32 attack against SSL/TLS, SSH, and other VPN implementations that use the DES and 3DES ciphers.

Block symmetric encryption ciphers have a limit on the number of blocks of plaintext that can be securely encrypted with the same key. This limit stems from the "birthday paradox" and is known as the birthday bound. The birthday bound depends on the cipher block size and is 2^(N/2) blocks for a cipher with block size N and a cipher mode such as CBC. If two communicating parties encrypt plaintext with the same key and reach the birthday bound, there is a significant probability of ciphertext collisions, where two different plaintexts are encrypted to the same ciphertext. When the CBC block cipher mode is used, each ciphertext collision reveals the XOR of the two plaintexts that were encrypted.

The DES, 3DES, and Blowfish encryption ciphers use a block size of 64 bits. It is sufficient to encrypt 32GB of plaintext with the same key to reach the birthday bound. The SSL/TLS, SSH, and VPN protocols support encryption with 64-bit block ciphers in CBC mode and do not renegotiate encryption keys within the same secure session.
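Added example (not part of the Blue Coat advisory or the AusCERT bulletin): the birthday-bound arithmetic described above, followed by a check of the CBC collision property on a constructed 16-bit toy Feistel cipher that stands in for a 64-bit cipher so the bound is reached in milliseconds. All function names, the key, the IV and the plaintext are assumptions made for illustration.

```python
import hashlib
import math


def birthday_bound_bytes(block_bits):
    """Bytes encrypted under one key once 2^(N/2) blocks have been processed."""
    return (1 << (block_bits // 2)) * (block_bits // 8)


def collision_probability(data_bytes, block_bits):
    """P(at least one repeated ciphertext block) ~= 1 - exp(-n(n-1) / 2^(N+1))."""
    n = data_bytes // (block_bits // 8)
    return -math.expm1(-n * (n - 1) / 2.0 ** (block_bits + 1))


# Toy 16-bit block cipher (4-round Feistel). NOT a real cipher: it is an
# assumption of this example, used so the birthday bound is 2^8 = 256 blocks.
def _round(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd, half])).digest()[0]


def toy_encrypt_block(key, block):
    left, right = block >> 8, block & 0xFF
    for rnd in range(4):
        left, right = right, left ^ _round(key, rnd, right)
    return (left << 8) | right


def cbc_encrypt(key, iv, plaintext_blocks):
    """CBC mode: c_i = E_k(p_i XOR c_{i-1}), with c_{-1} = IV."""
    out, prev = [], iv
    for p in plaintext_blocks:
        prev = toy_encrypt_block(key, p ^ prev)
        out.append(prev)
    return out


def find_collisions(iv, ciphertext_blocks):
    """Return (i, j, xor) for each ciphertext block that repeats an earlier one.

    Only ciphertext is inspected. Because E_k is a permutation, c_i == c_j
    means p_i XOR c_{i-1} == p_j XOR c_{j-1}, so
    p_i XOR p_j == c_{i-1} XOR c_{j-1}.
    """
    seen, hits = {}, []
    chain = [iv] + ciphertext_blocks  # chain[i] is c_{i-1}
    for j, c in enumerate(ciphertext_blocks):
        if c in seen:
            i = seen[c]
            hits.append((i, j, chain[i] ^ chain[j]))
        else:
            seen[c] = j
    return hits


def demo():
    key, iv = b"constructed-key", 0x1234  # constructed values
    # 2000 distinct constructed plaintext blocks, about 8x the toy bound.
    plaintext = [(i * 40503 + 12345) & 0xFFFF for i in range(2000)]
    ciphertext = cbc_encrypt(key, iv, plaintext)
    hits = find_collisions(iv, ciphertext)
    verified = all(plaintext[i] ^ plaintext[j] == x for i, j, x in hits)
    return len(hits), verified


if __name__ == "__main__":
    gib = birthday_bound_bytes(64) / 2**30
    print(f"64-bit block bound: {gib:.0f} GiB under one key")
    print(f"P(collision) at that volume: "
          f"{collision_probability(birthday_bound_bytes(64), 64):.3f}")
    print(f"Same volume, 128-bit block: "
          f"{collision_probability(birthday_bound_bytes(64), 128):.1e}")
    print("toy CBC collisions, XOR identity holds:", demo())
```

The same data volume that gives a 64-bit block cipher a collision probability of roughly 39% is negligible for a 128-bit block cipher such as AES, which is why the workarounds that follow remove the 64-bit ciphers rather than tune them.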
If two communicating parties exchange a sufficient amount of data over a long-lived SSL/TLS, SSH, or VPN session, a man-in-the-middle (MITM) attacker can obtain XORs of pairs of plaintext. If the attacker can control or guess one of the plaintexts, they can obtain the other plaintext without knowing the secret encryption key.

The Blue Coat HSM Agent for the Luna SP is not vulnerable to Sweet32, but the underlying Apache Tomcat server on the SafeNet LunaSP3 may be vulnerable. Customers should contact SafeNet for more information about Sweet32.

Workarounds:

Blue Coat's ProxySG appliance can be used to prevent attacks using CVE-2016-2183. Customers using ProxySG as a forward proxy can protect SSL clients and servers by blocking in policy SSL flows that use 3DES cipher suites. ProxySG 6.5 and 6.6 customers can use the following CPL syntax:

    <SSL>
        client.connection.negotiated_cipher=list_of_DES_and_DES-CBC3_ciphers deny

    <SSL>
        server.connection.negotiated_cipher=list_of_DES_and_DES-CBC3_ciphers deny

Blue Coat's SSLV appliance can also be used to prevent attacks using CVE-2016-2183. Customers using SSLV in inline deployments can protect SSL clients and servers by blocking in policy SSL flows that use 3DES cipher suites. SSLV 3.x customers can use the following configuration steps:

1. Open the Policies > Cipher Suites Lists web UI page and create a new cipher suites list.
2. Select the new cipher suites list and use the Add button in the Cipher Suites panel repeatedly to add all DES and 3DES cipher suites to the list. The cipher suites have the strings "DES" and "3DES" in their names.
3. In the Policies > Rulesets web UI page, select the desired ruleset and add a "Drop" or "Reject" rule using the new cipher suites list. If necessary, re-order the rules in the ruleset to ensure that the new rule has the correct priority.

CVE-2016-2183 can be remediated on CacheFlow by ensuring that 3DES cipher suites are disabled for the HTTPS management console and all SSL device profiles.
Customers should use the following steps in configuration mode to disable all 3DES cipher suites:

    #(config) management-services
    #(config management-services) edit HTTPS-Console
    #(config HTTPS-Console) attribute cipher-suite list_excluding_DES_and_DES-CBC3_cipher_suites
    #(config HTTPS-Console) exit
    #(config management-services) exit
    #(config) ssl
    #(config ssl) edit ssl-device-profile profile_name
    #(config device-profile profile_name) cipher-suite list_excluding_DES_and_DES-CBC3_cipher_suites
    #(config device-profile profile_name) exit
    #(config ssl) exit

CVE-2016-2183 can be remediated on Client Connector for Windows by disabling 3DES cipher suites for SSL client connections. Customers can use the "Local Computer Policy/Computer Configuration/Administrative Templates/Network/SSL Configuration Settings/SSL Cipher Suite Order" setting in the Windows Local Group Policy Editor (gpedit.msc) to disable 3DES cipher suites.

CVE-2016-2183 can be remediated on CDP by disabling 3DES cipher suites for all SSL interfaces. Customers can add the "DESede" algorithm name to the jdk.tls.disabledAlgorithms JVM property for all CDP components.

CVE-2016-2183 can be remediated on CAS by disabling 3DES cipher suites for the secure ICAP server. To view the enabled SSL cipher suites, access the CAS management console and navigate to the "Settings > ICAP" page. Deselect all DES-CBC3 cipher suites under "Cipher Selection" and save the changes.

CVE-2016-2183 can be remediated on ICSP, NNP, and NSP by disabling 3DES and Blowfish for the web UI and CLI. Customers should remove DES-CBC3-SHA from the ssl_ciphers list in the nginx web server configuration file, add the following line to the SSH daemon configuration file:

    Ciphers aes256-ctr,aes192-ctr,aes128-ctr

and reboot the system.

CVE-2016-2183 can be remediated on PacketShaper S-Series by disabling 3DES for the web UI.
Customers should use the following CLI command:

    sys set useStrongCiphers 1

CVE-2016-2183 can be remediated on PolicyCenter S-Series by disabling 3DES for the web UI. Customers should use the following CLI command:

    pc setup ssl strength strong

CVE-2016-2183 can be remediated on ProxyAV by disabling 3DES cipher suites for SSL clients, the management console and the secure ICAP server. To view the enabled SSL cipher suites, access the ProxyAV management console. Navigate to "Advanced/SSL Client" for the SSL client settings, "Network/Ciphers suite lists for HTTPS administration" for the management console settings and "ICAP Settings" for the secure ICAP server settings. Deselect all DES-CBC3 cipher suites and save the changes on each of these pages.

CVE-2016-2183 can be remediated on ProxyClient for Windows by disabling 3DES cipher suites for SSL client connections. Customers can use the "Local Computer Policy/Computer Configuration/Administrative Templates/Network/SSL Configuration Settings/SSL Cipher Suite Order" setting in the Windows Local Group Policy Editor (gpedit.msc) to disable 3DES cipher suites.

CVE-2016-2183 can be remediated for the SSH management console, HTTPS management console, SSL reverse proxy, and SSL device profiles on ASG and ProxySG by disabling Blowfish, DES, and 3DES ciphers.
Customers can use the following CLI commands in configuration mode:

    #(config) ssh-console
    #(config ssh-console) ciphers remove 3des-cbc
    #(config ssh-console) ciphers remove blowfish-cbc
    #(config ssh-console) exit
    #(config) management-services
    #(config management-services) edit HTTPS-Console
    #(config HTTPS-Console) attribute cipher-suite <select_list_excluding_DES_and_DES-CBC3_cipher_suites>
    #(config HTTPS-Console) exit
    #(config management-services) exit
    #(config) proxy-services
    #(config proxy-services) edit service_name
    #(config service_name) attribute cipher-suite <select_list_excluding_DES_and_DES-CBC3_cipher_suites>
    #(config service_name) exit
    #(config proxy-services) exit
    #(config) ssl
    #(config ssl) edit ssl-device-profile profile_name
    #(config device-profile profile_name) cipher-suite <select_list_excluding_DES_and_DES-CBC3_cipher_suites>
    #(config device-profile profile_name) exit
    #(config ssl) exit

DES and 3DES cipher suites cannot be disabled for the SSL forward proxy. ProxySG 6.5 and 6.6 customers can use the following CPL syntax in policy to block intercepted SSL flows that use DES and 3DES cipher suites:

    <SSL>
        client.connection.negotiated_cipher=list_of_DES_and_DES-CBC3_cipher_suites deny

    <SSL>
        server.connection.negotiated_cipher=list_of_DES_and_DES-CBC3_cipher_suites deny

CVE-2016-2183 can be remediated on Reporter by disabling 3DES for the HTTPS management console and LDAPS client connections. Customers can add the following cipher_list line to preferences.cfg to disable 3DES cipher suites for the HTTPS management console:

    protocols = {
      http = {
        ssl = {
          ...
          cipher_list="!DES:!3DES"
          ...
        } # ssl
      } # http
    }

Reporter 9.x customers can edit settings/preferences.cfg directly in the Reporter 9.x installation directory.
Reporter 10.1 customers can edit preferences.cfg using the CLI:

    Reporter> enable
    Admin password:
    Reporter# stop-reporter
    Are you sure you want to stop Reporter (this could take several minutes - or more)- [y/N] y
    ..............................bcreporter stop/waiting
    Reporter# configure edit preferences.cfg
    <edit preferences.cfg in text editor>
    "settings/preferences.cfg" 193 lines, 4960 characters written
    Changes to preferences.cfg:
    32a33
    > cipher_list = "!DES:!3DES"
    Reporter# configure commit preferences.cfg
    Reporter# start-reporter
    Starting Reporter will discard any uncommitted configuration file changes you have made.
    Are you sure you want to start Reporter- [y/N] y
    Reporter starting..........

Reporter 9.x for Windows uses the Windows LDAP API for LDAPS client connections. Customers can ensure that DES and 3DES cipher suites are disabled for the Microsoft Schannel Provider. There is no workaround to disable 3DES cipher suites for LDAPS client connections in Reporter 10.1.

CVE-2016-2183 can be remediated on Unified Agent for Windows by disabling DES and 3DES cipher suites for SSL client connections. Customers can use the "Local Computer Policy/Computer Configuration/Administrative Templates/Network/SSL Configuration Settings/SSL Cipher Suite Order" setting in the Windows Local Group Policy Editor (gpedit.msc) to disable DES and 3DES cipher suites.

Patches:

Advanced Secure Gateway
ASG 6.7 - 3DES and Blowfish are disabled by default in 6.7.2.1 for the SSH management console. 3DES is also disabled by default in 6.7.2.1 for the HTTPS management console, HTTPS reverse proxy, and SSL device profiles. The algorithms are disabled only for newly initialized systems - see Workarounds section for instructions to ensure that 3DES and Blowfish are disabled after a software upgrade.
ASG 6.6 - 3DES is disabled by default for the HTTPS management console, HTTPS reverse proxy, and SSL device profiles in 6.6.5.2.
3DES is disabled only for newly initialized systems - see Workarounds section for instructions to disable 3DES after a software upgrade. A fix is not available for the management CLI at this time.

BCAAA
BCAAA 6.1 - a fix will not be provided. An updated Novell SSO SDK is no longer available. Please contact Novell for more information.

CacheFlow
CacheFlow 3.4 - a fix is not available at this time.

Client Connector
Client Connector 1.6 - a fix will not be provided. Please upgrade to the latest version of Unified Agent with the vulnerability fixes.

Cloud Data Protection for Salesforce
CDP-SFDC 4.9 - 3DES is disabled by default for all SSL interfaces in 3.9.1. 3DES is disabled only for newly initialized systems - see Workarounds section for instructions to disable 3DES after a software upgrade.
CDP-SFDC 4.7 - a fix will not be provided. Please upgrade to a later version with the vulnerability fixes.
CDP-SFDC 4.6 - a fix will not be provided. Please upgrade to a later version with the vulnerability fixes.
CDP-SFDC 2.5 - a fix will not be provided. Please upgrade to a later version with the vulnerability fixes.

Cloud Data Protection for Salesforce Analytics
CDP-WAVE 4.9 - 3DES is disabled by default for all SSL interfaces in 3.9.1. 3DES is disabled only for newly initialized systems - see Workarounds section for instructions to disable 3DES after a software upgrade.
CDP-WAVE 4.7 - a fix will not be provided. Please upgrade to a later version with the vulnerability fixes.

Cloud Data Protection for ServiceNow
CDP-SNOW 4.9 - 3DES is disabled by default for all SSL interfaces in 3.9.1. 3DES is disabled only for newly initialized systems - see Workarounds section for instructions to disable 3DES after a software upgrade.
CDP-SNOW 4.7 - a fix will not be provided. Please upgrade to a later version with the vulnerability fixes.
CDP-SNOW 4.6 - a fix will not be provided. Please upgrade to a later version with the vulnerability fixes.

Cloud Data Protection Communication Server
CDP-COMMSVR 4.9 - 3DES is disabled by default for all SSL interfaces in 3.9.1. 3DES is disabled only for newly initialized systems - see Workarounds section for instructions to disable 3DES after a software upgrade.
CDP-COMMSVR 4.7 - a fix will not be provided. Please upgrade to a later version with the vulnerability fixes.
CDP-COMMSVR 4.6 - a fix will not be provided. Please upgrade to a later version with the vulnerability fixes.
CDP-COMMSVR 2.5 - a fix will not be provided. Please upgrade to a later version with the vulnerability fixes.
CDP-COMMSVR 2.4 - a fix will not be provided. Please upgrade to a later version with the vulnerability fixes.

Cloud Data Protection Integration Server
CDP-INTSVR 4.9 - 3DES is disabled by default for all SSL interfaces in 3.9.1. 3DES is disabled only for newly initialized systems - see Workarounds section for instructions to disable 3DES after a software upgrade.
CDP-INTSVR 4.8 - a fix will not be provided. Please upgrade to a later version with the vulnerability fixes.
CDP-INTSVR 4.7 - a fix will not be provided. Please upgrade to a later version with the vulnerability fixes.
CDP-INTSVR 4.6 - a fix will not be provided. Please upgrade to a later version with the vulnerability fixes.

Cloud Data Protection Policy Builder
CDP-PBUILDER 4.9 - 3DES is disabled by default for all SSL interfaces in 3.9.1. 3DES is disabled only for newly initialized systems - see Workarounds section for instructions to disable 3DES after a software upgrade.
CDP-PBUILDER 4.7 - a fix will not be provided. Please upgrade to a later version with the vulnerability fixes.
CDP-PBUILDER 4.6 - a fix will not be provided. Please upgrade to a later version with the vulnerability fixes.

Content Analysis System
CAS 2.2 - a fix is not available at this time.
CAS 2.1 - a fix is not available at this time.
CAS 1.3 - a fix is not available at this time.

Director
Director 6.1 - a fix is not available at this time.

IntelligenceCenter
IC 3.3 - a fix is not available at this time.

IntelligenceCenter Data Collector
DC 3.3 - a fix is not available at this time.

Malware Analysis Appliance
MAA 4.2 - a fix is not available at this time.

Mail Threat Defense
MTD 1.1 - a fix is not available at this time.

Management Center
MC 1.10 - a fix is available in 1.10.1.1.
MC 1.9 - a fix will not be provided. Please upgrade to a later version with the vulnerability fixes.
MC 1.8 - a fix will not be provided. Please upgrade to a later version with the vulnerability fixes.
MC 1.7 - a fix will not be provided. Please upgrade to a later version with the vulnerability fixes.

Norman Shark Industrial Control System Protection
ICSP 5.3 - a fix is not available at this time.

Norman Shark Network Protection
NNP 5.3 - a fix is not available at this time.

Norman Shark SCADA Protection
NSP 5.3 - a fix is not available at this time.

PacketShaper
PS 9.2 - 3DES is disabled in 9.2.13p2 for the management CLI and all SSL interfaces except LDAPS connections to the Oracle Directory Server. 3DES support for LDAPS connections is required by the Oracle Directory Server.

PacketShaper S-Series
PS S-Series 11.9 - a fix is not available at this time.
PS S-Series 11.8 - a fix will not be provided. Please upgrade to the latest version with the vulnerability fixes.
PS S-Series 11.7 - a fix will not be provided. Please upgrade to the latest version with the vulnerability fixes.
PS S-Series 11.6 - a fix is not available at this time.
PS S-Series 11.5 - a fix will not be provided. Please upgrade to the latest version with the vulnerability fixes.

PolicyCenter
PC 9.2 - 3DES is disabled in 9.2.13p2 for the management CLI and all SSL interfaces except LDAPS connections to the Oracle Directory Server. 3DES support for LDAPS connections is required by the Oracle Directory Server.

PolicyCenter S-Series
PC S-Series 1.1 - a fix is not available at this time.

ProxyAV
ProxyAV 3.5 - a fix is not available at this time.

ProxyClient
ProxyClient 3.4 - a fix will not be provided. Please upgrade to the latest version of Unified Agent with the vulnerability fixes.

ProxySG
ProxySG 6.7 - 3DES and Blowfish are disabled by default in 6.7.1.1 for the SSH management console. 3DES is also disabled by default in 6.7.1.1 for the HTTPS management console, HTTPS reverse proxy, and SSL device profiles. The algorithms are disabled only for newly initialized systems - see Workarounds section for instructions to ensure that 3DES and Blowfish are disabled after a software upgrade.
ProxySG 6.6 - 3DES is disabled by default for all SSL interfaces in 6.6.5.2. 3DES is disabled only for newly initialized systems - see Workarounds section for instructions to disable 3DES after a software upgrade. A fix is not available for the management CLI at this time.
ProxySG 6.5 - a fix is not available at this time.

Reporter
Reporter 10.1 - 3DES is disabled for the SSH management CLI and SSL connections to Blue Coat in 10.1.5.4. A fix to disable 3DES for LDAPS client connections and the FTP server is not available at this time.
Reporter 9.5 - 3DES is disabled for the HTTPS management console in 9.5.3.5. See Workarounds section for instructions to disable 3DES for LDAPS client connections.
Reporter 9.4 - a fix will not be provided. See Workarounds section for instructions to disable 3DES for the HTTPS management console and LDAPS client connections.

SSL Visibility
SSLV 4.1 - a fix is available in 4.1.1.1.
SSLV 4.0 - a fix is not available at this time.
SSLV 3.12 - a fix is available in 3.12.1.1.
SSLV 3.11 - a fix is available in 3.11.4.1.
SSLV 3.10 - 3DES is disabled for SMTP alerts in 3.10.2.1. A fix to disable 3DES for Host Categorization database downloads is not available at this time.
SSLV 3.9 - 3DES is disabled for SMTP alerts in 3.9.7.1. A fix to disable 3DES for Host Categorization database downloads will not be provided. Please upgrade to the latest version with the vulnerability fixes.
SSLV 3.8.4FC - a fix will not be provided. Please upgrade to a later version with the vulnerability fixes.

Unified Agent
UA 4.8 - a fix is available in 4.8.0.
UA 4.7 - a fix will not be provided. Please upgrade to the latest version with the vulnerability fixes.
UA 4.6 - a fix will not be provided. Please upgrade to the latest version with the vulnerability fixes.
UA 4.1 - a fix will not be provided. Please upgrade to the latest version with the vulnerability fixes.

X-Series XOS
XOS 11.0 - a fix is not available at this time.
XOS 10.0 - a fix will not be provided. Please upgrade to a later version with the vulnerability fixes.
XOS 9.7 - a fix will not be provided. Please upgrade to a later version with the vulnerability fixes.

References:

CVE-2016-2183 - https://nvd.nist.gov/vuln/detail/CVE-2016-2183
CVE-2016-6329 - https://nvd.nist.gov/vuln/detail/CVE-2016-6329
Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN - https://sweet32.info

Advisory History:

2018-04-06 A fix to disable 3DES for SMTP alerts in SSLV 3.9 is available in 3.9.7.1.
2017-11-16 A fix for PS S-Series 11.5, 11.7, and 11.8 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2017-11-16 A fix for SSLV 3.9 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2017-11-15 SSLV 3.12 is not vulnerable because a fix is available in 3.12.1.1.
2017-11-13 PS S-Series 11.8 and 11.9 enable 3DES for SSL connections to Blue Coat and LDAPS connections to PolicyCenter S-Series. 3DES cannot be disabled for those interfaces. PS S-Series 11.8 and 11.9 disable 3DES by default for the web UI. See Workarounds section for instructions to ensure that 3DES is disabled for the web UI.
2017-11-08 CAS 2.2 enables 3DES for SSL connections to Blue Coat, Malware Analysis, and Lastline. It disables 3DES by default for the secure ICAP server.
2017-11-06 ASG 6.7 disables 3DES and Blowfish by default for the SSH management console.
It also disables 3DES by default for the HTTPS management console, SSL reverse proxy, and SSL device profiles. ASG 6.7 also enables DES and 3DES by default for the SSL forward proxy. See Workarounds section for instructions to disable the insecure ciphers for these interfaces. ASG 6.7 also enables 3DES by default for connections to Blue Coat, Malware Analysis, and Lastline. 3DES cannot be disabled.
2017-08-03 SSLV 4.1 is not vulnerable because a fix is available in 4.1.1.1.
2017-07-27 3DES is disabled for the Reporter 9.5 HTTPS management console in 9.5.3.5.
2017-07-23 MC 1.10 is not vulnerable because a fix is available in 1.10.1.1. A fix for MC 1.9 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2017-07-18 Reporter 10.1 also enables 3DES for the FTPS server. 3DES cannot be disabled.
2017-07-13 Reporter 9.4 and 9.5 enable 3DES for the HTTPS management console and LDAPS client connections. 3DES can be disabled for both interfaces. See Workarounds section for instructions. Reporter 10.1 enables 3DES for the HTTPS management console and LDAPS client connections. Reporter 10.1 prior to 10.1.5.4 also enables 3DES for the SSH management CLI and SSL connections to Blue Coat. 3DES cannot be disabled.
2017-07-10 A fix for SSLV 3.11 is available in 3.11.4.1.
2017-06-27 It was previously reported that SSLV 3.9 (3.9.7.1 and later), 3.10 (3.10.2.1 and later), 3.11, and 4.0 do not enable 3DES for Host Categorization database downloads. Further investigation indicates that SSLV 3.9, 3.10, 3.11, and 4.0 enable 3DES for Host Categorization.
2017-06-20 Added CVE-2016-6329 to Security Advisory.
2017-05-29 UA 4.8 is not vulnerable because a fix is available in 4.8.0.
2017-05-18 CAS 2.1 enables 3DES for SSL connections to Blue Coat, Malware Analysis, and Lastline. It disables 3DES by default for the secure ICAP server.
CDP-SFDC 4.12, CDP-SNOW 4.12, CDP-COMMSVR 4.12, and CDP-INTSVR 4.12 disable 3DES by default for all SSL interfaces on newly initialized systems.
2017-03-30 MC 1.9 enables 3DES for SSL connections to Blue Coat.
2017-03-16 A fix for SSLV 3.10 is available in 3.10.2.1.
2017-03-08 ProxySG 6.7.1.1 disables 3DES and Blowfish by default for the SSH management console. It also disables 3DES by default for the HTTPS management console, HTTPS reverse proxy, and SSL device profiles. The algorithms are disabled only for newly initialized systems - see Workarounds section for instructions to ensure that 3DES and Blowfish are disabled after a software upgrade.
2017-03-08 MC 1.8 enables 3DES for the management CLI, SSH failover connections, and SSL connections to Blue Coat. SSLV 4.0 enables 3DES for SSL connections to Blue Coat. 3DES cannot be disabled.
2017-01-13 A fix in SSLV 3.9 is available in 3.9.7.1.
2016-12-22 initial public release
2016-12-23 SSLV 3.11 is not vulnerable because the fixes are available in 3.11.1.1.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures.
AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================