SA137 : NSS Vulnerabilities
SUMMARY
Blue Coat products using affected versions of NSS are susceptible to several vulnerabilities. A remote attacker can exploit these vulnerabilities to obtain private Diffie-Hellman (DH) keys, cause denial of service through application crashes, or possibly execute arbitrary code.
AFFECTED PRODUCTS
The following products are vulnerable:
| Director | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2016-2834 | 6.1 | Upgrade to a version of MC with the fixes. |
| PacketShaper (PS) S-Series | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2016-2834 | 11.8 and later | Not vulnerable, fixed in 11.8.1.1 |
| 11.7 | Upgrade to 11.7.2.1. | |
| 11.6 | Upgrade to 11.6.3.1. | |
| 11.5 | Upgrade to later release with fixes. | |
| PolicyCenter (PC) S-Series | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2016-2834 | 1.1 | Upgrade to 1.1.3.1. |
| Security Analytics (SA) | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| All CVEs | 8.0 and later | Not vulnerable, fixed in 8.0.1. |
| 7.3 (has vulnerable version of NSS, but not vulnerable to known vectors of attack) | Upgrade to 7.3.2. | |
| 7.2 (has vulnerable version of NSS, but not vulnerable to known vectors of attack) | Upgrade to later release with fixes. | |
| 6.6, 7.1 | Upgrade to later release with fixes. | |
| X-Series XOS | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| All CVEs | 9.7, 10.0, 11.0 | A fix will not be provided. |
The following products contain a vulnerable version of NSS, but are not vulnerable to known vectors of attack:
| Advanced Secure Gateway (ASG) | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| All CVEs | 6.7 | Not vulnerable, fixed in 6.7.2.1 |
| 6.6 | Upgrade to 6.6.5.8. | |
| Content Analysis System (CAS) | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| All CVEs | 2.1 and later | Not vulnerable, fixed in 2.1.1.1 |
| 1.3 | Upgrade to 1.3.7.5. | |
| Mail Threat Defense (MTD) | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| All CVEs | 1.1 | Upgrade to a version of CAS and SMG with the fixes. |
| Management Center (MC) | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| All CVEs | 1.9 and later | Not vulnerable, fixed in 1.9.1.1 |
| 1.8 | Upgrade to later release with fixes. | |
| 1.7 | Upgrade to later release with fixes. | |
| Reporter | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| All CVEs | 10.2 and later | Not vulnerable, fixed in 10.2.1.1 |
| 10.1 | Upgrade to 10.1.5.4. | |
| 9.5 | Not vulnerable | |
| 9.4 | Not vulnerable | |
| SSL Visibility (SSLV) | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| All CVEs | 4.1 and later | Not vulnerable, fixed in 4.1.1.1 |
| 4.0 | Upgrade to 4.0.2.1. | |
| 3.x | Not vulnerable | |
ADDITIONAL PRODUCT INFORMATION
Some Blue Coat products do not enable or use all functionality within NSS. The products listed below do not utilize the functionality described in the CVEs below and are thus not known to be vulnerable to them. However, fixes for these CVEs will be included in the patches that are provided.
- ASG: all CVEs
- CAS: all CVEs
- Director: CVE-2016-5285 and CVE-2016-8635
- MTD: all CVEs
- MC: all CVEs
- PacketShaper S-Series: CVE-2016-5285 and CVE-2016-8635
- PolicyCenter S-Series: CVE-2016-5285 and CVE-2016-8635
- Reporter (10.1 only): all CVEs
- Security Analytics (7.2 and 7.3 only): all CVEs
- SSLV (4.0 only): all CVEs
The following products are not vulnerable:
Android Mobile Agent
AuthConnector
BCAAA
Blue Coat HSM Agent for the Luna SP
CacheFlow
Client Connector
Cloud Data Protection for Salesforce
Cloud Data Protection for Salesforce Analytics
Cloud Data Protection for ServiceNow
Cloud Data Protection for Oracle CRM On Demand
Cloud Data Protection for Oracle Field Service Cloud
Cloud Data Protection for Oracle Sales Cloud
Cloud Data Protection Integration Server
Cloud Data Protection Communication Server
Cloud Data Protection Policy Builder
General Auth Connector Login Application
IntelligenceCenter
IntelligenceCenter Data Collector
K9
Malware Analysis Appliance
Norman Shark Industrial Control System Protection
Norman Shark Network Protection
Norman Shark SCADA Protection
PacketShaper
PolicyCenter
ProxyAV
ProxyAV ConLog and ConLogXP
ProxyClient
ProxySG
Unified Agent
Web Isolation
Blue Coat no longer provides vulnerability information for the following products:
DLP
Please, contact Digital Guardian technical support regarding vulnerability information for DLP.
ISSUES
| CVE-2016-2834 | |
|---|---|
| Severity / CVSSv2 | High / 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) |
| References | SecurityFocus: BID 91072 / NVD: CVE-2016-2834 |
| Impact | Denial of service, code execution |
| Description | Multiple buffer handling flaws allow a remote attacker to send crafted cryptographic data and cause denial of service through memory corruption and application crashes. The attacker may also cause the target system to execute arbitrary code. |
| CVE-2016-5285 | |
|---|---|
| Severity / CVSSv2 | Medium / 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) |
| References | SecurityFocus: BID 94349 / Red Hat: CVE-2016-5285 |
| Impact | Denial of service |
| Description | A NULL pointer dereference flaw in SSL message handling allows a remote attacker to send an invalid Diffie-Hellman (DH) key and cause denial of service through application crashes. |
| CVE-2016-8635 | |
|---|---|
| Severity / CVSSv2 | TBD |
| References | SecurityFocus: BID 94346 / Red Hat: CVE-2016-8635 |
| Impact | Information disclosure |
| Description | A flaw in SSL DH key exchange message handling enables a small subgroup confinement attack. A remote attacker can manipulate the client public DH key in an SSL handshake and recover the server private DH key. |
REVISION
2021-07-13 A fix for Security Analytics 7.2 and PacketShaper (PS) S-Series 11.5 will not be provided. Please upgrade to a later version with the vulnerability fixes. Moving Advisory Status to Closed.
2020-11-17 A fix for MTD 1.1 will not be provided. Please upgrade to a version of CAS and SMG with the vulnerability fixes. A fix for XOS 9.7, 10.0, and 11.0 will not be provided. A fix for Director 6.1 will not be provided. Please upgrade to a version of MC with the vulnerability fixes.
2019-10-02 Web Isolation is not vulnerable.
2019-01-21 A fix for SA 7.3 is available in 7.3.2. SA 8.0 is not vulnerable because a fix is available in 8.0.1.
2019-01-12 A fix for Security Analytics 7.1 will not be provided. Please upgrade to a later version with the vulnerability fixes. Added remaining CVSS v2 scores from NVD.
2018-04-25 A fix for XOS 9.7 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2018-04-22 PacketShaper S-Series 11.10 is not vulnerable.
2017-11-16 A fix for PS S-Series 11.5 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2017-11-06 ASG 6.7 is not vulnerable because a fix is available in 6.7.2.1.
2017-08-02 SSLV 4.1 is not vulnerable.
2017-07-24 PacketShaper S-Series 11.9 is not vulnerable.
2017-06-22 Security Ananlytics 7.3 has a vulnerable version of NSS, but is not vulnerable to known vectors of attack.
2017-06-22 A fix for all CVEs in Reporter 10.1 is available in 10.1.5.4.
2017-06-05 PS S-Series 11.8 is not vulenrable.
2017-05-29 A fix for Security Analytics 6.6 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2017-05-26 A fix for CAS 1.3 is available in 1.3.7.5.
2017-05-19 A fix for ASG 6.6 is available in 6.6.5.8.
2017-05-18 CAS 2.1 is not vulnerable.
2017-05-10 A fix for PacketShaper S-Series 11.7 is available in 11.7.2.1.
2017-03-30 A fix for SSLV 4.0 is available in 4.0.2.1. MC 1.9 is not vulnerable because a fix is available in 1.9.1.1.
2017-03-08 MC 1.8 has a vulnerable version of NSS, but is not vulnerable to known vectors of attack. A fix will not be provided for MC 1.7. Please, upgrade to a later version with the vulnerability fixes. A fix for PacketShaper S-Series 11.6 is available in 11.6.3.1. A fix for PolicyCenter S-Series is available in 1.1.3.1.
2016-12-20 initial public release