AusCERT - ASB-2012.0006 - [Win] Bluecoat PolicyCenter: Multiple vulnerabilities

HOME
About AusCERT
Membership
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
ASB-2012.0006 - [Win] Bluecoat PolicyCenter: Multiple vulnerabilities
Date: 12 January 2012
References: ESB-2007.0196 AL-2007.0065 ESB-2007.0419 ESB-2009.0143 ESB-2009.0376 ESB-2010.0202.2

Click here for printable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2012.0006
     Multiple Sun ONE Directory Server vulnerabilities in PolicyCenter
                              12 January 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Bluecoat PolicyCenter
Operating System:     Windows 2000
                      Windows Server 2003
                      Windows Server 2008
Impact/Access:        Increased Privileges   -- Remote/Unauthenticated
                      Access Privileged Data -- Remote/Unauthenticated
                      Modify Arbitrary Files -- Remote/Unauthenticated
                      Denial of Service      -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2010-0708 CVE-2009-1332 CVE-2009-0576
                      CVE-2007-3225 CVE-2007-3224 CVE-2007-2466
                      CVE-2006-4175 CVE-2006-3127 CVE-2006-2513
Member content until: Saturday, February 11 2012
Reference:            ESB-2009.0376
                      ESB-2009.0143
                      AL-2007.0065
                      ESB-2007.0419
                      ESB-2007.0196
                      ESB-2010.0202.2

OVERVIEW

        A number of publicly documented vulnerabilities are addressed in
        PolicyCenter 8.7.2.


IMPACT

        Bluecoat has provided the following information:
        
        "The most severe vulnerabilities allow a remote attacker to mount a
        denial of service attack. Others allow a remote attacker to gain read
        and write access to specific data stored or managed by the Directory
        Server. This data may include PolicyCenter configuration data." [1]
        
        "When PolicyCenter is deployed behind a firewall, as is recommended,
        an attacker must gain access from the internal network in order to mount
        an attack." [1]


MITIGATION

        Bluecoat recommends the following:
        
        "PolicyCenter 8.7.2 contains an upgrade to Sun Directory Server version
        7.0 that fixes all the CVEs documented in this Security Advisory. Note
        that Sun Directory Server 7.0 must be installed on Windows Server 2008.
        When installing PolicyCenter 8.7.2 on a Windows 2000 or 2003 server,
        Sun Directory Server 5.2 is installed and will still have the security
        vulnerabilities listed in this advisory." [1]
        
        "Note that Sun ONE Directory Server 7.0 does not address CVE-2010-0708.
        A fix for this vulnerability has not been published. PolicyCenter
        continues to be vulnerable to CVE-2010-0708." [1]


REFERENCES

        [1] Multiple Sun ONE Directory Server vulnerabilities in PolicyCenter
            https://kb.bluecoat.com/index?page=content&id=SA64

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBTw91uO4yVqjM2NGpAQLxoxAAsvll+Ipc1E+RdqwhECi9DsvfBBOkzTQ8
iGsskeyW/UlNoOgJCPvquzvRKCEq/xe9hQkbFWdH0rS/AGR23iFDaTotld5i5NBP
MXRnQ65x8f4eOBDeh4+Ef3i0kDaaTRWVRTsKxY72R1kUDst/CAQR0U8f60VWBjEb
qvbkY1rKl21cr7KHVSne1IajbJx/n/azmkKr/9hhXhhtvJrPMo/zXIedCTVScMrD
c4dpLyvTpZ4rMA+rCsAkskoy3n3HFjI5ZZj5mFoLcFGE4HFYMlmV/+VVzG4mL/Cm
URXktOf1ZuaDlbhwLqygSTJ46SXP2E2Tt9QsAAE8JWvnbVlDSnk7//DpBua2XUMA
Gs1zJoQXxfuOiO++vWwHClW6gaFL9HmjTbdB2wdpmzAfDWCJzDuEMworvvmTGSjb
7gTENFk2wTdh3cv3bgipf8IfiqNsxE2AjqfNwTukYM28gWkyrjOLHaR45rMYmJr6
UafxLkfqZEkRF2+oSEtVGimaCT4zPbwy9w3yfgPOqaYboKsuiN4wjMLcQ7Mr6PaU
7oXeowE3cUp9C9IHHIVz7gaiZOOFhhmt2JXyYpqLlPxmcYOiNCuRLza1oKGCGDqu
Xg/V8gnzFqCviPGkBXnR2j+ANovp5a46qUvef4igpB4Fkul3JP6s88q8UnlpeKTZ
xWlTgJhrdEA=
=5Oqz
-----END PGP SIGNATURE-----