SA111 : OpenSSL Vulnerabilities 28-Jan-2016
SUMMARY
Blue Coat products using affected versions of OpenSSL 1.0.2, 1.0.1, and 0.9.8 are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to obtain ephemeral Diffie-Hellman (DHE) private key information and perform man-in-the-middle attacks on SSL/TLS connections using Diffie-Hellman key exchange. A malicious SSL/TLS client can also establish connections using SSLv2 cipher suites if the server has disabled the cipher suites, but has not disabled the SSLv2 protocol.
AFFECTED PRODUCTS
The following products are vulnerable:
| Advanced Secure Gateway (ASG) | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-3197 | 6.7 and later (only when SSLv2 is enabled for management console, forward proxy, or reverse proxy). | Not vulnerable, fixed in 6.7.2.1 |
| 6.6 (only when SSLv2 is enabled for management console, forward proxy, or reverse proxy). | Upgrade to 6.6.5.1. | |
| CVE-2015-4000 | 7.1 and later | Not vulnerable, fixed in 7.1.1.1 |
| 6.7 | Upgrade to 6.7.3.1. | |
| 6.6 | Upgrade to 6.6.5.4. | |
| Android Mobile Agent | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-4000 | 1.3 | Upgrade to 1.3.8. |
| BCAAA | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-4000 | 6.1 (only when a Novell SSO realm is used) | A fix will not be provided. An updated Novell SSO SDK is no longer available. Please, contact Novell for more information |
| CacheFlow | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-3197, CVE-2015-4000 | 3.4 | Upgrade to 3.4.2.6. |
| Client Connector | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-4000 | 1.6 | Upgrade to latest release of Unified Agent with fixes. |
| Content Analysis System (CAS) | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-3197 | 2.1 and later | Not vulnerable, fixed in 2.1.1.1 |
| 1.3 (when SSLv2 is enabled for secure ICAP server) | Upgrade to 1.3.7.1. | |
| 1.2 (management console) | Upgrade to 1.2.4.5. | |
| 1.2 (when SSLv2 is enabled for secure ICAP server) | Upgrade to later release with fixes. | |
| 1.1 | Upgrade to later release with fixes. | |
| CVE-2015-4000 | 2.2 and later | Not vulnerable, fixed in 2.2.1.1 |
| 2.1 | Not available at this time | |
| 1.3 | Upgrade to 1.3.7.3. | |
| 1.1, 1.2 | Upgrade to later release with fixes. | |
| Director | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-4000 | 6.1 | Upgrade to 6.1.22.1. |
| IntelligenceCenter (IC) | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-3197, CVE-2015-4000 | 3.3 | Upgrade to a version of NetDialog NetX with fixes. |
| IntelligenceCenter Data Collector | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-3197, CVE-2015-4000 | 3.3 | Upgrade to a version of NetDialog NetX with fixes. |
| Mail Threat Defense (MTD) | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-4000 | 1.1 | Not available at ths time |
| Malware Analysis Appliance (MAA) | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-4000 | 4.2 | Upgrade to 4.2.9. |
| Management Center (MC) | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-4000 | 1.8 and later | Not vulnerable, fixed in 1.8.1.1 |
| 1.7 | Upgrade to 1.7.2.1. | |
| 1.5, 1.6 | Upgrade to later release with fixes. | |
| Norman Shark Industrial Control System Protection (ICSP) | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-4000 | 5.4 | Not vulnerable, fixed in 5.4.1 |
| 5.3 | Upgrade to 5.3.6. | |
| Norman Shark Network Protection (NNP) | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-4000 | 5.3 | Upgrade to 5.3.6. |
| Norman Shark SCADA Protection (NSP) | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-4000 | 5.3 | Upgrade to 5.3.6. |
| PacketShaper (PS) | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-4000 | 9.2 | Upgrade to 9.2.13p2. |
| PacketShaper (PS) S-Series | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-3197 | 11.6 and later | Not vulnerable, fixed in 11.6.1.1 |
| 11.5 | Upgrade to 11.5.3.1. | |
| 11.2, 11.3, 11.4 | Upgrade to later release with fixes. | |
| CVE-2015-4000 | 11.9 and later | Not vulnerable, fixed in 11.9.1.1 |
| 11.7, 11.8 | Upgrade to later release with fixes. | |
| 11.6 | Upgrade to 11.6.4.2. | |
| 11.2, 11.3, 11.4, 11.5 | Upgrade to later release with fixes. | |
| PolicyCenter (PC) | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-4000 | 9.2 | Upgrade to 9.2.13p2. |
| PolicyCenter (PC) S-Series | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-3197 | 1.1 | Upgrade to 1.1.2.1. |
| CVE-2015-4000 | 1.1 | Upgrade to 1.1.4.2. |
| ProxyAV | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-3197, CVE-2015-4000 | 3.5 | Upgrade to 3.5.4.2. |
| ProxySG | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-3197, CVE-2015-4000 | 6.7 and later | Not vulnerable, fixed in 6.7.2.1 |
| 6.6 | Upgrade to 6.6.4.1. | |
| 6.5 | Upgrade to 6.5.9.6. | |
| Reporter | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-3197 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1 |
| 10.1 (not vulnerable to known vectors of attack) | Upgrade to 10.1.4.2. | |
| 9.4, 9.5 | Upgrade to later release with fixes. | |
| CVE-2015-4000 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1 |
| 10.1 | Upgrade to 10.1.5.1. | |
| 9.4, 9.5 | Upgrade to later release with fixes. | |
| Security Analytics | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-3197, CVE-2015-4000 | 7.2 and later | Not vulnerable, fixed in 7.2.1 |
| 7.1 | Upgrade to 7.1.11. | |
| 7.0 | Upgrade to later release with fixes. | |
| 6.6 | Upgrade to 6.6.12. | |
| SSL Visibility (SSLV) | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-4000 | 3.10 and later | Not vulnerable, fixed in 3.10.1.1 |
| 3.9 | Upgrade to 3.9.3.2. | |
| 3.8.4FC | Upgrade to 3.8.4FC-55. | |
| 3.8 | Upgrade to later release with fixes. | |
| Unified Agent (UA) | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-4000 | 4.7 and later | Not vulnerable, fixed in 4.7.1 |
| 4.1, 4.6 | Upgrade to later release with fixes. | |
| X-Series XOS | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2015-3197 | 11.0 | Upgrade to 11.0.2 |
| 10.0 | Upgrade to 10.0.6 | |
| 9.7 | Upgrade to later release with fixes. | |
| CVE-2015-4000 | 10.0, 11.0 | Not available at this time |
| 9.7 | Upgrade to later release with fixes. | |
ADDITIONAL PRODUCT INFORMATION
Blue Coat products may act as both client and server in SSL/TLS connections, and may use application functionality for cryptographic operations. Blue Coat products act as a client when connecting to Blue Coat services such as WebPulse, DRTR, and licensing and subscription services. Products should be considered vulnerable in all interfaces that provide SSL/TLS connections for data and management interfaces unless the CVE is specific to SSL/TLS client or server functionality (as noted in the descriptions above) or unless otherwise stated below:
- ASG: CVE-2015-3197 affects management connections, the forward proxy service, and the reverse proxy service.
- CacheFlow: CVE-2015-3197 only affects management connections.
- CAS: CVE-2015-3197 only affects management connections and connections to the secure ICAP server.
- IntelligenceCenter: CVE-2015-3197 only affects management connections.
- IntelligenceCenter Data Collector: CVE-2015-3197 only affects management connections.
- PacketShaper S-Series: CVE-2015-3197 only affects management connections.
- PolicyCenter S-Series: CVE-2015-3197 only affects management connections.
- ProxyAV: CVE-2015-3197 only affects management connections.
- ProxySG: CVE-2015-3197 affects management connections, the forward proxy service, and the reverse proxy service.
- Reporter 9.4 and 9.5 on Windows: CVE-2015-3197 only affects management connections.
- Security Analytics: CVE-2015-3197 only affects management connections.
- X-Series XOS: CVE-2015-3197 only affects management connections.
Blue Coat products that use a native installation of OpenSSL but do not install or maintain that implementation are not vulnerable to any of these CVEs. However, the underlying platform or application that installs and maintains OpenSSL may be vulnerable. Blue Coat urges our customers to update the versions of OpenSSL that are natively installed for Client Connector, ProxyClient, and Reporter 9.x for Linux.
Blue Coat products do not enable or use all functionality within OpenSSL. Products that do not utilize or enable the functionality described in a CVE are not vulnerable to that CVE. However, fixes for those CVEs will be included in the patches that are provided. The following products include vulnerable versions of OpenSSL, but do not use the functionality described in the CVEs and are not known to be vulnerable.
- Android Mobile Agent: CVE-2015-3197
- Client Connector: CVE-2015-3197
- Director: CVE-2015-3197
- MTD: CVE-2015-3197
- MC: CVE-2015-3197
- Reporter 10.1: CVE-2015-3197
- SSLV 3.9: CVE-2016-0701
- UA: CVE-2015-3197
The following products are not vulnerable:
AuthConnector
Blue Coat HSM Agent for the Luna SP
Cloud Data Protection for Salesforce
Cloud Data Protection for Salesforce Analytics
Cloud Data Protection for ServiceNow
Cloud Data Protection for Oracle CRM On Demand
Cloud Data Protection for Oracle Field Service Cloud
Cloud Data Protection for Oracle Sales Cloud
Cloud Data Protection Integration Server
Cloud Data Protection Communication Server
Cloud Data Protection Policy Builder
General Auth Connector Login Application
K9
ProxyAV ConLog and ConLogXP
ProxyClient
Web Isolation
Blue Coat no longer provides vulnerability information for the following products:
DLP
Please, contact Digital Guardian technical support regarding vulnerability information for DLP.
ISSUES
| CVE-2015-3197 | |
|---|---|
| Severity / CVSSv2 | Medium / 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N) |
| References | SecurityFocus: BID 82237 / NVD: CVE-2015-3197 |
| Impact | Information disclosure |
| Description | A flaw in server-side TLS cipher suite negotiation allows a remote malicious TLS client to establish connections using SSLv2 cipher suites even though they have been disabled in the SSL server configuration. This flaw can only be exploited by a malicious TLS client and not by a man-in-the-middle. Blue Coat products that do not enable the SSLv2 protocol (via the OpenSSL SSL_OP_NO_SSLv2 flag) are not vulnerable. |
| CVE-2016-0701 | |
|---|---|
| Severity / CVSSv2 | Medium / 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N) |
| References | SecurityFocus: BID 82233 / NVD: CVE-2016-0701 |
| Impact | Information disclosure |
| Description | There exists a flaw in server-side Diffie-Hellman (DH) key generation. A TLS server may generate a DH key pair with unsafe parameters and reuse the DH private key for multiple TLS handshakes. A remote attacker can exploit this to obtain the DH private key and perform man-in-the-middle attacks on subsequent TLS handshakes using the same private key. |
| CVE-2015-4000 | |
|---|---|
| Severity / CVSSv2 | Medium / 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) |
| References | SecurityFocus: BID 74733 / NVD: CVE-2015-4000 |
| Impact | Information disclosure, unauthorized modification of data |
| Description | OpenSSL also released a patch with additional protection for TLS clients against CVE-2015-4000 (Logjam), previously addressed in SA98. The original OpenSSL Logjam patch causes TLS clients to reject ephemeral DH (DHE) keys of size less than 768 bits. The patch addressed in this security advisory increases the minimum DHE key size from 768 to 1024 bits. This provides better protection for TLS clients against powerful adversaries with the computational resources to perform pre-computation attacks on 768-bit DH parameters. |
MITIGATION
Blue Coat's ProxySG appliance can be used to prevent attacks using CVE-2015-3197. Customers using ProxySG as a reverse proxy can protect TLS servers by blocking SSL flows that use SSLv2 cipher suites. ProxySG 6.5 and 6.6 customers can use the following CPL syntax:
define condition cipher_control
client.connection.negotiated_ssl_version=SSLV2
end
<proxy> condition=cipher_control
exception(invalid_request) log.rewrite.cs-categories("Cipher control”)
The "cs-categories" access log field must be present in the access log format used. Customers can use a different access log field if desired.
Blue Coat’s SSL Visibility appliance can be used to prevent attacks using CVE-2015-3197. Customers using SSLV in inline inbound deployments can protect TLS servers by blocking SSL flows that use SSLv2 cipher suites. SSLV 3.x customers can use the following configuration steps:
- Open the Policies > Cipher Suites Lists web UI page and create a new cipher suites list.
- Select the new cipher suites list and use the Add button in the Cipher Suites panel repeatedly to add all SSLv2 cipher suites to the list.
- In the Policies > Rulesets web UI page, select the desired ruleset and add a “Drop” or “Reject” rule using the new cipher suites list. If necessary, re-order the rules in the ruleset to ensure that the new rule has the correct priority.
By default ICSP, NNP, NSP, and XOS do not use TLS client connections. Customers who do not change this default behavior prevent attacks against XOS using TLS connections with 768-bit DHE keys.
CVE-2015-3197 can be remediated on CacheFlow by ensuring that SSLv2 is disabled for the management console. Customers should use the following steps in config mode to limit the SSL/TLS versions used by the management console to TLSv1.1 and TLSv1.2:
management-services edit HTTPS-Console attribute ssl-versions tlsv1.1v1.2 exit exit
CVE-2015-3197 can be remediated on CAS by ensuring that SSLv2 is disabled for the secure ICAP server. To view the enabled SSL/TLS protocols, access the CAS management console and navigate to the "Settings > ICAP" page. Deselect SSLv2 under "TLS Settings" and save the changes.
CVE-2015-3197 can be remediated on ProxyAV by disabling SSLv2 for the management console and secure ICAP server. To view the enabled SSL/TLS protocols, access the ProxyAV management console. Navigate to "Network" for the management console settings and "ICAP Settings" for the secure ICAP server settings. Deselect SSLv2 under "SSL protocols" and save the changes on each of these pages.
CVE-2015-3197 can be remediated on ProxySG by disabling SSLv2 for the HTTPS management console and HTTP reverse proxy service profiles. There is no workaround for HTTPS forward proxy deployments because SSLv2 cannot be disabled.
CVE-2015-3197 can be remediated on Reporter 9.5 by disabling SSLv2 for management connections. To view the enabled SSL/TLS protocols, access the /settings/preferences.cfg file in the Reporter 9.5 installation directory. Ensure that the following line is set to "false":
ssl_v2="false"
There is no workaround for Reporter 9.4.
REFERENCES
OpenSSL Security Advisory - https://www.openssl.org/news/secadv/20160128.txt
REVISION
2020-04-20 Advisory status moved to Closed.
2019-10-03 Web Isolation is not vulnerable.
2019-08-20 A fix for IntelligenceCenter (IC) 3.3 and IntelligenceCenter Data Collector (DC) 3.3 will not be provided. NetDialog NetX is a replacement product for IntelligenceCenter. Please switch to a version of NetX with the vulnerability fixes.
2018-06-04 A fix for PolicyCenter S-Series is available in 1.1.4.2.
2018-04-22 CA 2.3 and PacketShaper S-Series 11.10 are not vulnerable.
2018-04-03 A fix for CVE-2015-4000 in PacketShaper S-Series 11.6 is avaialble in 11.6.4.2.
2018-01-31 A fix for CVE-2015-4000 in ASG 6.7 is avaialble in 6.7.3.1.
2017-11-16 A fix for PS S-Series 11.7 and 11.8 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2017-11-08 CAS 2.2 is not vulnerable because a fix is available in 2.2.1.1.
2017-11-06 ASG 6.7 allows weak 768-bit ephemeral Diffie-Hellman (DHE) keys when acting as a TLS client (CVE-2015-4000).
2017-08-02 SSLV 4.1 is not vulnerable.
2017-07-25 PS S-Series 11.9 is not vulnerable because a fix is available in 11.9.1.1.
2017-07-20 MC 1.10 is not vulnerable.
2016-06-30 A fix for ProxyAV 3.5 is available in 3.5.4.2.
2017-06-22 Security Analytics 7.3 is not vulnerable.
2017-06-05 PacketShaper S-Series 11.8 allows weak 768-bit DHE keys when acting as a TLS client (CVE-2015-4000). A fix is not available at this time.
2017-05-17 CAS 2.1 allows weak 768-bit DHE keys when acting as TLS clients (CVE-2015-4000).
2017-03-30 MC 1.9 is not vulnerable.
2017-03-29 A fix for CVE-2015-4000 in ASG 6.6 is available in 6.6.5.4.
2017-03-08 A fix for Director is available in 6.1.22.1.
2017-03-06 MC 1.8 is not vulnerable. ProxySG 6.7 is not vulnerable. SSLV 4.0 is not vulnerable.
2017-02-07 A fix for Android Mobile Agent is available in 1.3.8. Vulnerability inquiries for DLP should be addressed to Digital Guardian technical support.
2017-01-24 A fix for CVE-2015-4000 in CAS 1.3 is available in 1.3.7.3.
2017-01-10 A fix for CVE-2015-4000 in Reporter 10.1 is available in 10.1.5.1.
2016-12-16 A fix for CVE-2015-3197 in Reporter 10.1 is available in 10.1.4.2.
2016-12-04 PacketShaper S-Series 11.7 allows weak 768-bit DHE keys when acting as a TLS client (CVE-2015-4000). A fix is not available at this time. SSLV 3.11 is not vulnerable.
2016-11-17 Cloud Data Protection for Oracle Field Service Cloud is not vulnerable.
2016-11-14 A fix for MC 1.7 is available in 1.7.2.1.
2016-11-11 SSLV 3.10 is not vulnerable.
2016-11-03 A fix for PacketShaper 9.2 is available in 9.2.13p2. A fix for PolicyCenter 9.2 is available in 9.2.13p2.
2016-10-26 A fix for CVE-2015-3197 in ASG is available in 6.6.5.1. A fix for CVE-2015-3197 in CAS 1.3 is available in 1.3.7.1.
2016-10-25 A fix for CVE-2015-3197 in MC 1.6 is available in 1.6.1.1.
2016-10-25 MC 1.6 and 1.7 are vulnerable to CVE-2015-4000. Fixes for CVE-2015-4000 will not be provided for MC 1.5 and 1.6. Please upgrade to a later version with the vulnerability fixes.
2016-09-01 A fix for SSLV 3.8.4FC is available in 3.8.4FC-55.
2016-08-10 A fix for Unified Agent is available in 4.7.1.
2016-07-16 A fix for CVE-2015-3197 in XOS 10.0 is available in 10.0.6. A fix for CVE-2015-3197 in XOS 11.0 is available in 11.0.2.
2016-06-30 PacketShaper S-Series 11.6 allows weak 768-bit DHE keys when acting as a TLS client (CVE-2015-4000). A fix is not available at this time. A fix for CVE-2015-4000 in PacketShaper S-Series 11.5 will not be provided.
2016-06-28 A fix for Client Connector will not be provided. Please upgrade to the latest version of Unified Agent with the vulnerability fixes.
2016-06-27 Fixes for PacketShaper S-Series 11.2, 11.3, and 11.4 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2016-06-21 A fix for ProxySG 6.6 is available in 6.6.4.1.
2016-06-13 Fixes for ICSP, NNP, and NSP are available in 5.3.6.
2016-06-03 A fix for MAA is available in 4.2.9.
2016-05-19 Fixes are available in Security Analytics 6.6.12 and 7.1.11.
2016-05-11 No Cloud Data Protection products are vulnerable.
2016-04-28 A fix for CVE-2015-3197 is available in PacketShaper S-Series 11.5.3.1 and in PolicyCenter S-Series 1.1.2.1.
2016-04-25 A fix for CVE-2015-3197 is available in MTD 1.1.2.1.
2016-04-24 MTD 1.1 allows weak 768-bit DHE keys when acting as a TLS client (CVE-2015-4000). It also has vulnerable code for CVE-2015-3197.
2016-03-14 A fix for CacheFlow 3.4 is available in 3.4.2.6.
2016-03-04 A fix for ProxySG 6.5 is available in 6.5.9.6.
2016-02-22 Clarified in the Affected Products section that allowing weak 768-bit DHE keys is related to CVE-2015-4000. Added a workaround for disabling SSLv2 in Reporter 9.5. Clarified that there is no workaround for ProxySG forward proxy deployments because SSLv2 cannot be disabled.
2016-02-19 Corrected the Workarounds section to say that blocking SSLv2 can be used to protect TLS servers against CVE-2015-3197, not against CVE-2016-0701.
2016-02-18 initial public release