SUMMARY

Core files produced by ProxySG may include unencrypted sensitive data such as keys and end user authentication data. Only administrators have access to core files on ProxySG. Once downloaded by the administrator, the data in the core file could be viewed by a highly skilled attacker.

AFFECTED PRODUCTS

ProxySG 6.1 and 6.2 are vulnerable.

Patches

ProxySG 6.1 - a fix is available in 6.1.5.1.
ProxySG 6.2 - a fix is available in 6.2.2.1. 

ISSUES

ProxySG uses a "heap" to temporarily store information in memory that is currently in use by ProxySG.  A secure heap is a separate area in memory used to store sensitive information.  The information stored in the secure heap includes authentication materials for end users who are currently authenticated using HTTP basic authentication and keys that are currently in use. Authentication materials for end users who use other authentication methods (e.g., NTLM, Kerberos, X.509/certificate realm, Windows SSO, and Novell SSO) are not provided directly to ProxySG and therefore would not be cached in the secure heap.

When a core image is produced by SGOS, the data in memory that is necessary to diagnose the cause of the problem is written to the core image file. Data in the secure heap is not written to the file. In SGOS 6.1 and 6.2, the secure heap was mistakenly included in core files.

Core files are only visible to ProxySG administrators.  An administrator can download core files from ProxySG, or may choose to send them to Blue Coat for analysis after entering a Service Request Number.  As is customary, ProxySG core files are not encrypted.

An attacker with access to a core file produced by SGOS 6.1 or 6.2 may be able to discover sensitive information that was in memory at the time the core file was produced.  Blue Coat does not publish information about how to interpret core files or provide tools to parse core files. Specialized knowledge would be needed to discover sensitive information in a core file.

The CVSS v2 base score reflects a scenario in which a core file is downloaded from ProxySG by the administrator or sent to Blue Coat for analysis.  In this situation, an attacker needs no access to ProxySG to retrieve the core file, but does require highly specialized knowledge to obtain information from the core file that would be useful.  If the core file remains on ProxySG, the CVSS v2 base score is 1.2 (AV:L/AC:H/Au:N/C:P/I:N/A:N).

Core files are necessary in order for Blue Coat to diagnose and fix problems encountered by customers.  Blue Coat values the privacy of its customers and responsibly manages access to the core files provided to Support.

Blue Coat recommends that customers delete core files within their own environments when they are no longer needed.

MITIGATION

Customers should protect core files that have been downloaded from ProxySG and saved. Core files should be deleted when they are no longer needed.

REFERENCES

For information about sending core images to Blue Coat, see the Diagnostics chapter of the SGOS Administration Guide (6.1, 6.2).

REVISION

2011-08-24 Notification of maintenance release for 6.1. Changed status to final.
2011-06-29 Notification of a patch release fix for 6.1.
2011-06-28 Clarifications to the advisory
2011-06-17 Initial public release