ESB-2016.3085.2 - UPDATE [Appliance] Bluecoat products: Access privileged data - Remote/unauthenticated 2018-04-10


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2016.3085.2
      SA133: SWEET32 Birthday Attack against DES, 3DES, and Blowfish
                               10 April 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Bluecoat products
Publisher:         Bluecoat Advisory
Operating System:  Network Appliance
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
Resolution:        Mitigation
CVE Names:         CVE-2016-2183  

Reference:         ASB-2016.0120
                   ASB-2016.0095
                   ESB-2016.3077
                   ESB-2016.3062

Original Bulletin: 
   https://bto.bluecoat.com/security-advisory/sa133

Revision History:  April    10 2018: Update from vendor: A fix to disable 3DES 
                                     for SMTP alerts in SSLV 3.9 is available 
                                     in 3.9.7.1
                   December 23 2016: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

SA133 : Sweet32 Birthday Attack against DES, 3DES, and Blowfish

Security Advisory ID: SA133

Published Date: Dec 22, 2016

Advisory Status: Interim

Advisory Severity: Medium

CVSS v2 base score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE Number: 
CVE-2016-2183 - 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE-2016-6329 - 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Blue Coat products that use the DES, 3DES, and Blowfish symmetric encryption
ciphers in long-lived encrypted SSL/TLS, SSH, or VPN connections are
susceptible to the Sweet32 birthday attack.  A remote attacker with the ability
to observe a long-lived encrypted connection can obtain plaintext, such as
authentication credentials, without knowing the secret encryption key.

Affected Products:

The following products are vulnerable:

Advanced Secure Gateway
ASG 6.6 enables 3DES and Blowfish by default for the SSH management console. 
ASG 6.6 also enables 3DES by default for the HTTPS management console, SSL
reverse proxy, SSL device profiles.  ASG 6.6 also enables DES and 3DES by
default for the SSL forward proxy.  See Workarounds section for instructions to
disable the insecure ciphers for these interfaces.  ASG 6.6 also enables 3DES
by default for connections to Blue Coat, Malware Analysis, and Lastline.  3DES
cannot be disabled.

ASG 6.7 disables 3DES and Blowfish by default for the SSH management console. 
It also disables 3DES by default for the HTTPS management console, SSL reverse
proxy, and SSL device profiles.  ASG 6.7 also enables DES and 3DES by default
for the SSL forward proxy.  See Workarounds section for instructions to disable
the insecure ciphers for these interfaces.  ASG 6.7 also enables 3DES by
default for connections to Blue Coat, Malware Analysis, and Lastline.  3DES
cannot be disabled.

BCAAA
BCAAA 6.1 enables DES and 3DES for LDAPS connections for Novell SSO realm
authentication.  DES and 3DES cannot be disabled.

CacheFlow
CacheFlow 3.4 enables 3DES and Blowfish for the SSH management console.  They
cannot be disabled.  CacheFlow 3.4 also enables 3DES by default for the HTTPS
management console.  It also enables DES and 3DES by default for SSL device
profiles.  See Workarounds section for instructions to disable DES and 3DES for
the SSL interfaces.

Client Connector
Client Connector 1.6 enables DES and 3DES for SSL connections to Cloud.  The
connections are short-lived and do not contain a sufficient amount of encrypted
plaintext to exploit CVE-2016-2183.  DES and 3DES can be disabled for Client
Connector on Windows.  See Workarounds section for instructions.

Cloud Data Protection for Salesforce
CDP-SFDC 2.5, 4.6, and 4.7 enable 3DES by default for all SSL interfaces. 
CDP-SFDC 4.9, 4.10, and 4.12 disable 3DES by default in newly initialized
systems.  See Workarounds section for instructions to ensure that 3DES is
disabled.

Cloud Data Protection for Salesforce Analytics
CDP-WAVE 4.7 enables 3DES by default for all SSL interfaces.  CDP-WAVE 4.9 and
4.10 disable 3DES by default in newly initialized systems.  See Workarounds
section for instructions to ensure that 3DES is disabled.

Cloud Data Protection for ServiceNow
CDP-SNOW 4.6 and 4.7 enable 3DES by default for all SSL interfaces.  CDP-SNOW
4.9, 4.10, and 4.12 disable 3DES by default in newly initialized systems.  See
Workarounds section for instructions to ensure that 3DES is disabled.

Cloud Data Protection Communication Server
CDP-COMMSVR 2.4, 2.5, 4.6, and 4.7 enable 3DES by default for all SSL
interfaces.  CDP-COMMSVR 4.9, 4.10, and 4.12 disable 3DES by default for newly
initialized systems.  See Workarounds section for instructions to ensure that
3DES is disabled.

Cloud Data Protection Integration Server
CDP-INTSVR 4.6, 4.7, and 4.8 enable 3DES by default for all SSL interfaces. 
CDP-INTSVR 4.9, 4.10, and 4.12 disable 3DES by default for newly initialized
systems.  See Workarounds section for instructions to ensure that 3DES is
disabled.

Cloud Data Protection Policy Builder
CDP-PBUILDER 4.6 and 4.7 enable 3DES by default for all SSL interfaces. 
CDP-PBUILDER 4.9 and 4.10 disable 3DES by default for newly initialized
systems.  See Workarounds section for instructions to ensure that 3DES is
disabled.

Content Analysis System
CAS 1.3 enables 3DES for the HTTPS management console, SSH management CLI, SSH
connections to FireEye AX, SFTP connections to Reporter, and LDAPS
connections.  It also enables 3DES for SSL connections to Blue Coat, Malware
Analysis, and Lastline.  3DES cannot be disabled for those interfaces.  CAS 1.3
also enables 3DES by default for the secure ICAP server.  See Workarounds
section for instructions to disable 3DES for the secure ICAP server.  CAS 2.1
and 2.2 enable 3DES for SSL connections to Blue Coat, Malware Analysis, and
Lastline.  3DES cannot be disabled for those interfaces.  CAS 2.1 and 2.2
disable 3DES by default for the secure ICAP server.

Director
Director 6.1 enables 3DES for the SSH CLI, SSH connections to ProxySG, SSH
connections to other Director appliances, SSL connections to Blue Coat, and SSL
connections for software update downloads.  3DES cannot be disabled.

IntelligenceCenter
IC 3.3 enables DES and 3DES for the web UI, SSL connections from and to
IntelligenceCenter Data Collector, and SSL connections to PacketShaper.  DES
and 3DES cannot be disabled.

IntelligenceCenter Data Collector
DC 3.3 enables DES and 3DES for the web UI, SSL connections from and to
IntelligenceCenter, and SSL connections to PacketShaper.  DES and 3DES cannot
be disabled.

Malware Analysis Appliance
MAA 4.2 enables 3DES by default for the management CLI and SSL connections to
Blue Coat.  It cannot be disabled.  3DES is disabled by default for the
management web UI.

Mail Threat Defense
MTD 1.1 enables 3DES for the HTTPS management console, SSH management CLI, SSH
connections to FireEye AX, SFTP connections to Reporter, and LDAPS
connections.  It also enables 3DES for SSL connections to Blue Coat, Malware
Analysis, and Lastline.  3DES cannot be disabled for those interfaces.

Management Center
MC 1.7 and 1.8 enable 3DES for the management CLI, SSH failover connections,
and SSL connections to Blue Coat.  MC 1.9 enables 3DES for SSL connections to
Blue Coat.  3DES cannot be disabled.  MC 1.10 and later releases are not
vulnerable.

Norman Shark Industrial Control System Protection
ICSP 5.3 enables 3DES and Blowfish by default for the management CLI.  It also
enables 3DES by default for the web UI.  See Workarounds section for
instructions to disable them.

Norman Shark Network Protection
NNP 5.3 enables 3DES and Blowfish by default for the management CLI.  It also
enables 3DES by default for the web UI.  See Workarounds section for
instructions to disable them.

Norman Shark SCADA Protection
NSP 5.3 enables 3DES and Blowfish by default for the management CLI.  It also
enables 3DES by default for the web UI.  See Workarounds section for
instructions to disable them.

PacketShaper
PS 9.2 prior to 9.2.13p2 enables DES and 3DES for the management CLI and all
SSL interfaces.  3DES cannot be disabled.

PacketShaper S-Series
PS S-Series 11.5, 11.6, 11.7, 11.8, and 11.9 enable 3DES for SSL connections to
Blue Coat and LDAPS connections to PolicyCenter S-Series.  PS S-Series 11.5,
11.6, and 11.7 also enable 3DES for the management CLI.  3DES cannot be
disabled for those interfaces.  PS S-Series 11.5, 11.6, 11.7, 11.8, and 11.9
disable 3DES by default for the web UI.  See Workarounds section for
instructions to ensure that 3DES is disabled for the web UI.

PolicyCenter
PC 9.2 prior to 9.2.13p2 enables DES and 3DES for the management CLI and all
SSL interfaces.  3DES cannot be disabled.

PolicyCenter S-Series
PC S-Series 1.1 enables 3DES for the management CLI and SSL connections to Blue
Coat.  PC S-Series 1.1 prior to 1.1.2.2 also enables 3DES for the LDAPS server. 
3DES cannot be disabled for those interfaces.  It disables 3DES by default for
the web UI.  See Workarounds section for instructions to ensure that 3DES is
disabled for the web UI.

ProxyAV
ProxyAV 3.5 enables 3DES for the HTTPS management console, secure ICAP server,
and SSL client connections.  See Workarounds section for instructions to
disable 3DES.

ProxyClient
ProxyClient 3.4 enables DES and 3DES for SSL connections to Cloud.  The
connections are short-lived and do not contain a sufficient amount of encrypted
plaintext to exploit CVE-2016-2183.  DES and 3DES can be disabled for
ProxyClient on Windows.  See Workarounds section for instructions.

ProxySG
ProxySG 6.5 and 6.6 enable 3DES and Blowfish by default for the SSH management
console.  They also enable 3DES by default for the HTTPS management console,
SSL reverse proxy, and SSL device profiles.  ProxySG 6.7 disables 3DES and
Blowfish by default for the HTTPS management console in newly initialized
systems. It also disables DES and 3DES by default for the HTTPS management
console, SSL reverse proxy, and SSL device profiles in newly initialized
systems.  All versions of ProxySG enable DES and 3DES for the SSL forward
proxy.  See Workarounds section for instructions to disable the insecure
ciphers for all interfaces.

Reporter
Reporter 9.4 and 9.5 prior to 9.5.3.5 enable 3DES for the HTTPS management
console.  Reporter 9.4 and 9.5 also enable 3DES for LDAPS client
connections. 3DES can be disabled for both interfaces.  See Workarounds section
for instructions.  Reporter 10.1 enables 3DES for the HTTPS management console,
FTPS server, and LDAPS client connections.  Reporter 10.1 prior to 10.1.5.4
also enables 3DES for the SSH management CLI and SSL connections to Blue Coat. 
3DES cannot be disabled.

SSL Visibility
SSLV 3.8.4FC, 3.9, 3.10, 3.11 prior to 3.11.4.1, and 4.0 enable 3DES for Host
Categorization database downloads.  SSLV 3.8.4FC, 3.9 prior to 3.9.7.1, and
3.10 prior to 3.10.2.1 enable 3DES for SMTP alerts.  SSLV 4.0 enables 3DES for
SSL connections to Blue Coat.  3DES cannot be disabled.  SSLV 3.12 and 4.1 and
later releases are not vulnerable.

Unified Agent
UA 4.1, 4.6, and 4.7 enable DES and 3DES for SSL connections to ProxySG and
Cloud.  The connections are short-lived and do not contain a sufficient amount of
encrypted plaintext to exploit CVE-2016-2183.  DES and 3DES can be disabled for
Unified Agent on Windows.  See Workarounds section for instructions.  UA 4.8 is
not vulnerable.

X-Series XOS
XOS 9.7, 10.0, and 11.0 enable 3DES by default for the management web UI and
CLI.

The following products are not vulnerable:
Android Mobile Agent
AuthConnector
Blue Coat HSM Agent for the Luna SP
Cloud Data Protection for Oracle Sales Cloud
General Auth Connector Login Application
K9
ProxyAV ConLog and ConLogXP

The following products are under investigation:
Security Analytics

Blue Coat no longer provides vulnerability information for the following
products:

DLP
Please, contact Digital Guardian technical support regarding vulnerability
information for DLP.

Advisory Details: 

Blue Coat products that support DES, 3DES, or Blowfish block symmetric
encryption ciphers in long-lived SSL/TLS, SSH, and VPN connections are
vulnerable to the Sweet32 birthday attack.  CVE-2016-6329 identifies the
Sweet32 attack against OpenVPN implementations that use the Blowfish cipher. 
CVE-2016-2183 identifies the Sweet32 attack against SSL/TLS, SSH, and other VPN
implementations that use the DES and 3DES ciphers.

Block symmetric encryption ciphers have a limit on the number of blocks of
plaintext that can be securely encrypted with the same key.  This limit stems
from the "birthday paradox" and is known as the birthday bound.  The birthday
bound depends on the cipher block size and is 2^(N/2) blocks for a cipher with
block size N and a cipher mode such as CBC.  If two communicating parties
encrypt plaintext with the same key and reach the birthday bound, there is a
significant probability for ciphertext collisions, where two different
plaintexts are encrypted to the same ciphertext. When the CBC block cipher mode
is used, each ciphertext collision reveals the XOR of the two plaintexts that
were encrypted.

The DES, 3DES, and Blowfish encryption ciphers use block size of 64 bits.  It
is sufficient to encrypt 32GB of plaintext with the same key to reach the
birthday bound.  The SSL/TLS, SSH, and VPN protocols support encryption with
64-bit block ciphers in CBC mode and do not renegotiate encryption keys within
the same secure session.  If two communicating parties exchange a sufficient
amount of data over a long-lived SSL/TLS, SSH, or VPN session, a
man-in-the-middle (MITM) attacker can obtain XORs of pairs of plaintext.  If
the attacker can control or guess one of the plaintexts, they can obtain the
other plaintext without knowing the secret encryption key.
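
The bound and the CBC collision property described above, as an added worked
example in Python (not part of the advisory).  It assumes a constructed 16-bit
toy Feistel cipher, a made-up key, and seeded random plaintext so that
collisions appear after a few hundred blocks; all function names are
illustrative.

```python
import hashlib
import math
import random

BLOCK_BITS = 16  # toy block size so the bound (2^8 blocks) is reached quickly


def birthday_bound_blocks(block_bits):
    """Blocks encrypted under one key before collisions become likely: 2^(N/2)."""
    return 2 ** (block_bits // 2)


def bytes_at_bound(block_bits):
    """Plaintext volume, in bytes, that corresponds to the birthday bound."""
    return birthday_bound_blocks(block_bits) * (block_bits // 8)


def collision_probability(n_blocks, block_bits):
    """Approximate chance of at least one collision among n random N-bit blocks."""
    pairs = n_blocks * (n_blocks - 1) / 2
    return -math.expm1(-pairs / 2 ** block_bits)


def toy_encrypt_block(key, block):
    """Constructed 4-round Feistel permutation on 16 bits (not a real cipher)."""
    left, right = block >> 8, block & 0xFF
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd, right])).digest()[0]
        left, right = right, left ^ f
    return (left << 8) | right


def cbc_encrypt(key, iv, blocks):
    """CBC mode: c_i = E(p_i XOR c_{i-1}), with c_0 = IV."""
    out, prev = [], iv
    for p in blocks:
        prev = toy_encrypt_block(key, p ^ prev)
        out.append(prev)
    return out


def find_collisions(iv, ciphertext):
    """Return (i, j, c_{i-1} XOR c_{j-1}) for every repeated ciphertext block."""
    first_seen, hits = {}, []
    for j, c in enumerate(ciphertext):
        if c in first_seen:
            i = first_seen[c]
            prev_i = ciphertext[i - 1] if i else iv
            hits.append((i, j, prev_i ^ ciphertext[j - 1]))
        else:
            first_seen[c] = j
    return hits


def demo(n_blocks=2000, seed=1):
    """Encrypt constructed random plaintext and check every collision."""
    rng = random.Random(seed)
    key, iv = b"constructed-demo-key", rng.getrandbits(BLOCK_BITS)
    plaintext = [rng.getrandbits(BLOCK_BITS) for _ in range(n_blocks)]
    hits = find_collisions(iv, cbc_encrypt(key, iv, plaintext))
    # E is a permutation, so equal outputs mean equal inputs:
    # p_i XOR c_{i-1} == p_j XOR c_{j-1}  =>  p_i XOR p_j == c_{i-1} XOR c_{j-1}
    leaked = all(plaintext[i] ^ plaintext[j] == x for i, j, x in hits)
    return len(hits), leaked


if __name__ == "__main__":
    count, leaked = demo()
    print(f"toy 16-bit cipher: {count} collisions, XOR relation holds: {leaked}")
    for bits in (64, 128):
        print(f"{bits}-bit block: bound at {bytes_at_bound(bits) / 2**30:.0f} GiB, "
              f"P(collision at bound) = "
              f"{collision_probability(birthday_bound_blocks(bits), bits):.2f}")
```

For a 64-bit block the bound is 2^32 blocks of 8 bytes, which is the 32GB
figure quoted above; a 128-bit block moves the bound to 2^64 blocks.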

The Blue Coat HSM Agent for the Luna SP is not vulnerable to Sweet32, but the
underlying Apache Tomcat server on the SafeNet LunaSP3 may be vulnerable. 
Customers should contact SafeNet for more information about Sweet32.

Workarounds: 

Blue Coat's ProxySG appliance can be used to prevent attacks using
CVE-2016-2183.  Customers using ProxySG as a forward proxy can protect SSL
clients and servers by blocking in policy SSL flows that use 3DES cipher
suites.  ProxySG 6.5 and 6.6 customers can use the following CPL syntax:

<SSL>
client.connection.negotiated_cipher=list_of_DES_and_DES-CBC3_ciphers deny
<SSL>
server.connection.negotiated_cipher=list_of_DES_and_DES-CBC3_ciphers deny

Blue Coat's SSLV appliance can also be used to prevent attacks using
CVE-2016-2183.  Customers using SSLV in inline deployments can protect SSL
clients and servers by blocking in policy SSL flows that use 3DES cipher
suites.  SSLV 3.x customers can use the following configuration steps:

 1. Open the Policies > Cipher Suites Lists web UI page and create a new cipher
    suites list.
 2. Select the new cipher suites list and use the Add button in the Cipher
    Suites panel repeatedly to add all DES and 3DES cipher suites to the list.
    The cipher suites have the strings "DES" and "3DES" in their names.
 3. In the Policies > Rulesets web UI page, select the desired ruleset and add
    a "Drop" or "Reject" rule using the new cipher suites list. If necessary,
    re-order the rules in the ruleset to ensure that the new rule has the
    correct priority.

CVE-2016-2183 can be remediated on CacheFlow by ensuring that 3DES cipher
suites are disabled for the HTTPS management console and all SSL device
profiles.  Customers should use the following steps in configuration mode to
disable all 3DES cipher suites:

#(config) management-services
#(config management-services) edit HTTPS-Console
#(config HTTPS-Console) attribute cipher-suite list_excluding_DES_and_DES-CBC3_cipher_suites
#(config HTTPS-Console) exit
#(config management-services) exit
#(config) ssl
#(config ssl) edit ssl-device-profile profile_name
#(config device-profile profile_name) cipher-suite list_excluding_DES_and_DES-CBC3_cipher_suites
#(config device-profile profile_name) exit
#(config ssl) exit

CVE-2016-2183 can be remediated on Client Connector for Windows by disabling
3DES cipher suites for SSL client connections.  Customers can use the "Local
Computer Policy/Computer Configuration/Administrative Templates/Network/SSL
Configuration Settings/SSL Cipher Suite Order" setting in the Windows Local
Group Policy Editor (gpedit.msc) to disable 3DES cipher suites.

CVE-2016-2183 can be remediated on CDP by disabling 3DES cipher suites for all
SSL interfaces.  Customers can add the "DESede" algorithm name to the
jdk.tls.disabledAlgorithms JVM property for all CDP components.

CVE-2016-2183 can be remediated on CAS by disabling 3DES cipher suites for the
secure ICAP server.  To view the enabled SSL cipher suites, access the CAS
management console and navigate to the "Settings > ICAP" page.  Deselect all
DES-CBC3 cipher suites under "Cipher Selection" and save the changes.

CVE-2016-2183 can be remediated on ICSP, NNP, and NSP by disabling 3DES and
Blowfish for the web UI and CLI.  Customers should remove DES-CBC3-SHA from the
ssl_ciphers list in the nginx web server configuration file, add the following
line to the SSH daemon configuration file:

Ciphers aes256-ctr,aes192-ctr,aes128-ctr

and reboot the system.
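
One way to confirm the two files after the change, as an added Python example
that is not from the advisory or the vendor.  The sample file contents are
constructed; the cast128-cbc entry and the check for broad OpenSSL aliases are
additions beyond what the advisory lists, and all function names are
illustrative.

```python
import re

# 64-bit block ciphers as named by OpenSSH.  3des-cbc and blowfish-cbc are the
# two the advisory removes; cast128-cbc is added here (CAST-128 also has a
# 64-bit block).
SSH_64BIT = {"3des-cbc", "blowfish-cbc", "cast128-cbc"}
# OpenSSL aliases that, on older builds, can expand to include 3DES suites.
BROAD_ALIASES = {"ALL", "DEFAULT", "HIGH", "MEDIUM"}

# Constructed sample inputs (before and after the workaround).
SAMPLE_SSHD_BEFORE = "Port 22\nCiphers aes128-ctr,3des-cbc,blowfish-cbc\n"
SAMPLE_SSHD_AFTER = "Port 22\nCiphers aes256-ctr,aes192-ctr,aes128-ctr\n"
SAMPLE_NGINX_BEFORE = (
    "server {\n"
    "    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA;\n"
    "}\n"
)
SAMPLE_NGINX_AFTER = (
    "server {\n"
    "    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA;\n"
    "}\n"
)


def audit_sshd(text):
    """Return (status, detail) for the first Ciphers line in sshd_config text.

    status is "missing" (build defaults apply), "relative" (a +/-/^ list that
    modifies the defaults), "weak" (explicit list names a 64-bit cipher) or "ok".
    """
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)
        if len(fields) == 2 and fields[0].lower() == "ciphers":
            value = fields[1].strip()
            if value[0] in "+-^":
                return "relative", [value]
            weak = [c.strip() for c in value.split(",")
                    if c.strip().lower() in SSH_64BIT]
            return ("weak", weak) if weak else ("ok", [])
    return "missing", []


def audit_openssl_string(value):
    """Classify an OpenSSL cipher string such as nginx's ssl_ciphers value."""
    tokens = [t for t in re.split(r"[:, ]+", value.strip().strip("\"'")) if t]
    # "!" entries are permanent exclusions, wherever they appear in the string.
    banned = {t[1:].upper() for t in tokens if t.startswith("!")}
    weak = []
    for tok in tokens:
        name = tok.upper()
        if tok[0] in "!-+" or "DES" not in name or name in banned:
            continue
        # OpenSSL's "DES" alias covers single DES only; 3DES has its own alias.
        triple = "3DES" in name or "DES-CBC3" in name
        if ("3DES" if triple else "DES") not in banned:
            weak.append(tok)
    if weak:
        return "weak", weak
    broad = [t for t in tokens if t.upper() in BROAD_ALIASES]
    if broad and "3DES" not in banned:
        return "unpinned", broad
    return "ok", []


def audit_nginx(text):
    """Audit every uncommented ssl_ciphers directive in nginx config text."""
    found = re.findall(r"^\s*ssl_ciphers\s+([^;]+);", text, re.MULTILINE)
    return [audit_openssl_string(v) for v in found]


if __name__ == "__main__":
    print("sshd before :", audit_sshd(SAMPLE_SSHD_BEFORE))
    print("sshd after  :", audit_sshd(SAMPLE_SSHD_AFTER))
    print("nginx before:", audit_nginx(SAMPLE_NGINX_BEFORE))
    print("nginx after :", audit_nginx(SAMPLE_NGINX_AFTER))
```

A "missing", "relative" or "unpinned" result means the effective cipher set
depends on the installed OpenSSH or OpenSSL build and should be checked against
what the service actually negotiates.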

CVE-2016-2183 can be remediated on PacketShaper S-Series by disabling 3DES for
the web UI.  Customers should use the following CLI command:

sys set useStrongCiphers 1

CVE-2016-2183 can be remediated on PolicyCenter S-Series by disabling 3DES for
the web UI.  Customers should use the following CLI command:

pc setup ssl strength strong

CVE-2016-2183 can be remediated on ProxyAV by disabling 3DES cipher suites for
SSL clients, the management console and the secure ICAP server.  To view the
enabled SSL cipher suites, access the ProxyAV management console.  Navigate to
"Advanced/SSL Client" for the SSL client settings, "Network/Ciphers suite lists
for HTTPS administration" for the management console settings and "ICAP
Settings" for the secure ICAP server settings.  Deselect all DES-CBC3 cipher
suites and save the changes on each of these pages.

CVE-2016-2183 can be remediated on ProxyClient for Windows by disabling 3DES
cipher suites for SSL client connections.  Customers can use the "Local
Computer Policy/Computer Configuration/Administrative Templates/Network/SSL
Configuration Settings/SSL Cipher Suite Order" setting in the Windows Local
Group Policy Editor (gpedit.msc) to disable 3DES cipher suites.

CVE-2016-2183 can be remediated for the SSH management console, HTTPS
management console, SSL reverse proxy, and SSL device profiles on ASG and
ProxySG by disabling Blowfish, DES, and 3DES ciphers.  Customers can use the
following CLI commands in configuration mode:

#(config) ssh-console
#(config ssh-console) ciphers remove 3des-cbc
#(config ssh-console) ciphers remove blowfish-cbc
#(config ssh-console) exit
#(config) management-services
#(config management-services) edit HTTPS-Console
#(config HTTPS-Console) attribute cipher-suite
<select_list_excluding_DES_and_DES-CBC3_cipher_suites>
#(config HTTPS-Console) exit
#(config management-services) exit
#(config) proxy-services
#(config proxy-services) edit service_name
#(config service_name) attribute cipher-suite
<select_list_excluding_DES_and_DES-CBC3_cipher_suites>
#(config service_name) exit
#(config proxy-services) exit
#(config) ssl
#(config ssl) edit ssl-device-profile profile_name
#(config device-profile profile_name) cipher-suite
<select_list_excluding_DES_and_DES-CBC3_cipher_suites>
#(config device-profile profile_name) exit
#(config ssl) exit

DES and 3DES cipher suites cannot be disabled for the SSL forward proxy. 
ProxySG 6.5 and 6.6 customers can use the following CPL syntax in policy to
block intercepted SSL flows that use DES and 3DES cipher suites:

<SSL>
client.connection.negotiated_cipher=list_of_DES_and_DES-CBC3_cipher_suites deny
<SSL>
server.connection.negotiated_cipher=list_of_DES_and_DES-CBC3_cipher_suites deny

CVE-2016-2183 can be remediated on Reporter by disabling 3DES for the HTTPS
management console and LDAPS client connections.  Customers can add the
following cipher_list line to preferences.cfg to disable 3DES cipher suites for
the HTTPS management console:

protocols = {
  http = {
    ssl = {
      ...
      cipher_list="!DES:!3DES"
      ...
    } # ssl
  } # http
}

Reporter 9.x customers can edit settings/preferences.cfg directly in the
Reporter 9.x installation directory.  Reporter 10.1 customers can edit
preferences.cfg using the CLI:

Reporter> enable
Admin password:
Reporter# stop-reporter
Are you sure you want to stop Reporter (this could take several minutes - or more)- [y/N] y
..............................bcreporter stop/waiting
Reporter# configure edit preferences.cfg
<edit preferences.cfg in text editor>
"settings/preferences.cfg" 193 lines, 4960 characters written
Changes to preferences.cfg:
32a33
>         cipher_list = "!DES:!3DES"
Reporter# configure commit preferences.cfg
Reporter# start-reporter
Starting Reporter will discard any uncommitted configuration file changes you have made.
Are you sure you want to start Reporter- [y/N] y
Reporter starting..........

Reporter 9.x for Windows uses the Windows LDAP API for LDAPS client
connections.  Customers can ensure that DES and 3DES cipher suites are disabled
for the Microsoft Schannel Provider.  There is no workaround to disable 3DES
cipher suites for LDAPS client connections in Reporter 10.1.

CVE-2016-2183 can be remediated on Unified Agent for Windows by disabling DES
and 3DES cipher suites for SSL client connections.  Customers can use the
"Local Computer Policy/Computer Configuration/Administrative Templates/Network/
SSL Configuration Settings/SSL Cipher Suite Order" setting in the Windows Local
Group Policy Editor (gpedit.msc) to disable DES and 3DES cipher suites.

Patches: 

Advanced Secure Gateway
ASG 6.7 - 3DES and Blowfish are disabled by default in 6.7.2.1 for the SSH
management console.  3DES is also disabled by default in 6.7.2.1 for the HTTPS
management console, HTTPS reverse proxy, and SSL device profiles.  The
algorithms are disabled only for newly initialized systems - see Workarounds
section for instructions to ensure that 3DES and Blowfish are disabled after a
software upgrade.
ASG 6.6 - 3DES is disabled by default for the HTTPS management console, HTTPS
reverse proxy, and SSL device profiles in 6.6.5.2.  3DES is disabled only for
newly initialized systems - see Workarounds section for instructions to disable
3DES after a software upgrade.  A fix is not available for the management CLI
at this time.

BCAAA
BCAAA 6.1 - a fix will not be provided.  An updated Novell SSO SDK is no longer
available.  Please, contact Novell for more information.

CacheFlow
CacheFlow 3.4 - a fix is not available at this time.

Client Connector
Client Connector 1.6 - a fix will not be provided.  Please upgrade to the
latest version of Unified Agent with the vulnerability fixes.

Cloud Data Protection for Salesforce
CDP-SFDC 4.9 - 3DES is disabled by default for all SSL interfaces in 3.9.1. 
3DES is disabled only for newly initialized systems - see Workarounds section
for instructions to disable 3DES after a software upgrade.
CDP-SFDC 4.7 - a fix will not be provided.  Please upgrade to a later version
with the vulnerability fixes.
CDP-SFDC 4.6 - a fix will not be provided.  Please upgrade to a later version
with the vulnerability fixes.
CDP-SFDC 2.5 - a fix will not be provided.  Please upgrade to a later version
with the vulnerability fixes.

Cloud Data Protection for Salesforce Analytics
CDP-WAVE 4.9 - 3DES is disabled by default for all SSL interfaces in 3.9.1. 
3DES is disabled only for newly initialized systems - see Workarounds section
for instructions to disable 3DES after a software upgrade.
CDP-WAVE 4.7 - a fix will not be provided.  Please upgrade to a later version
with the vulnerability fixes.

Cloud Data Protection for ServiceNow
CDP-SNOW 4.9 - 3DES is disabled by default for all SSL interfaces in 3.9.1. 
3DES is disabled only for newly initialized systems - see Workarounds section
for instructions to disable 3DES after a software upgrade.
CDP-SNOW 4.7 - a fix will not be provided.  Please upgrade to a later version
with the vulnerability fixes.
CDP-SNOW 4.6 - a fix will not be provided.  Please upgrade to a later version
with the vulnerability fixes.

Cloud Data Protection Communication Server
CDP-COMMSVR 4.9 - 3DES is disabled by default for all SSL interfaces in 3.9.1. 
3DES is disabled only for newly initialized systems - see Workarounds section
for instructions to disable 3DES after a software upgrade.
CDP-COMMSVR 4.7 - a fix will not be provided.  Please upgrade to a later
version with the vulnerability fixes.
CDP-COMMSVR 4.6 - a fix will not be provided.  Please upgrade to a later
version with the vulnerability fixes.
CDP-COMMSVR 2.5 - a fix will not be provided.  Please upgrade to a later
version with the vulnerability fixes.
CDP-COMMSVR 2.4 - a fix will not be provided.  Please upgrade to a later
version with the vulnerability fixes.

Cloud Data Protection Integration Server
CDP-INTSVR 4.9 - 3DES is disabled by default for all SSL interfaces in 3.9.1. 
3DES is disabled only for newly initialized systems - see Workarounds section
for instructions to disable 3DES after a software upgrade.
CDP-INTSVR 4.8 - a fix will not be provided.  Please upgrade to a later version
with the vulnerability fixes.
CDP-INTSVR 4.7 - a fix will not be provided.  Please upgrade to a later version
with the vulnerability fixes.
CDP-INTSVR 4.6 - a fix will not be provided.  Please upgrade to a later version
with the vulnerability fixes.

Cloud Data Protection Policy Builder
CDP-PBUILDER 4.9 - 3DES is disabled by default for all SSL interfaces in
3.9.1.  3DES is disabled only for newly initialized systems - see Workarounds
section for instructions to disable 3DES after a software upgrade.
CDP-PBUILDER 4.7 - a fix will not be provided.  Please upgrade to a later
version with the vulnerability fixes.
CDP-PBUILDER 4.6 - a fix will not be provided.  Please upgrade to a later
version with the vulnerability fixes.

Content Analysis System
CAS 2.2 - a fix is not available at this time.
CAS 2.1 - a fix is not available at this time.
CAS 1.3 - a fix is not available at this time.

Director
Director 6.1 - a fix is not available at this time.

IntelligenceCenter
IC 3.3 - a fix is not available at this time.

IntelligenceCenter Data Collector
DC 3.3 - a fix is not available at this time.

Malware Analysis Appliance
MAA 4.2 - a fix is not available at this time.

Mail Threat Defense
MTD 1.1 - a fix is not available at this time.

Management Center
MC 1.10 - a fix is available in 1.10.1.1.
MC 1.9 - a fix will not be provided.  Please upgrade to a later version with
the vulnerability fixes.
MC 1.8 - a fix will not be provided.  Please upgrade to a later version with
the vulnerability fixes.
MC 1.7 - a fix will not be provided.  Please upgrade to a later version with
the vulnerability fixes.

Norman Shark Industrial Control System Protection
ICSP 5.3 - a fix is not available at this time.

Norman Shark Network Protection
NNP 5.3 - a fix is not available at this time.

Norman Shark SCADA Protection
NSP 5.3 - a fix is not available at this time.

PacketShaper
PS 9.2 - 3DES is disabled in 9.2.13p2 for the management CLI and all SSL
interfaces except LDAPS connections to the Oracle Directory Server.  3DES
support for LDAPS connections is required by the Oracle Directory Server.

PacketShaper S-Series
PS S-Series 11.9 - a fix is not available at this time.
PS S-Series 11.8 - a fix will not be provided. Please upgrade to the latest
version with the vulnerability fixes.
PS S-Series 11.7 - a fix will not be provided. Please upgrade to the latest
version with the vulnerability fixes.
PS S-Series 11.6 - a fix is not available at this time.
PS S-Series 11.5 - a fix will not be provided. Please upgrade to the latest
version with the vulnerability fixes.

PolicyCenter
PC 9.2 - 3DES is disabled in 9.2.13p2 for the management CLI and all SSL
interfaces except LDAPS connections to the Oracle Directory Server.  3DES
support for LDAPS connections is required by the Oracle Directory Server.

PolicyCenter S-Series
PC S-Series 1.1 - a fix is not available at this time.

ProxyAV
ProxyAV 3.5 - a fix is not available at this time.

ProxyClient
ProxyClient 3.4 - a fix will not be provided.  Please upgrade to the latest
version of Unified Agent with the vulnerability fixes.

ProxySG
ProxySG 6.7 - 3DES and Blowfish are disabled by default in 6.7.1.1 for the SSH
management console.  3DES is also disabled by default in 6.7.1.1 for the HTTPS
management console, HTTPS reverse proxy, and SSL device profiles.  The
algorithms are disabled only for newly initialized systems - see Workarounds
section for instructions to ensure that 3DES and Blowfish are disabled after a
software upgrade.
ProxySG 6.6 - 3DES is disabled by default for all SSL interfaces in 6.6.5.2. 
3DES is disabled only for newly initialized systems - see Workarounds section
for instructions to disable 3DES after a software upgrade.  A fix is not
available for the management CLI at this time.
ProxySG 6.5 - a fix is not available at this time.

Reporter
Reporter 10.1 - 3DES is disabled for the SSH management CLI and SSL connections
to Blue Coat in 10.1.5.4.  A fix to disable 3DES for LDAPS client connections
and the FTP server is not available at this time.
Reporter 9.5 - 3DES is disabled for the HTTPS management console in 9.5.3.5. 
See Workarounds section for instructions to disable 3DES for LDAPS client
connections.
Reporter 9.4 - a fix will not be provided.  See Workarounds section for
instructions to disable 3DES for the HTTPS management console and LDAPS client
connections.

SSL Visibility
SSLV 4.1 - a fix is available in 4.1.1.1.
SSLV 4.0 - a fix is not available at this time.
SSLV 3.12 - a fix is available in 3.12.1.1.
SSLV 3.11 - a fix is available in 3.11.4.1.
SSLV 3.10 - 3DES is disabled for SMTP alerts in 3.10.2.1.  A fix to disable
3DES for Host Categorization database downloads is not available at this time.
SSLV 3.9 - 3DES is disabled for SMTP alerts in 3.9.7.1.  A fix to disable 3DES
for Host Categorization database downloads will not be provided.  Please
upgrade to the latest version with the vulnerability fixes.
SSLV 3.8.4FC - a fix will not be provided.  Please upgrade to a later version
with the vulnerability fixes.

Unified Agent
UA 4.8 - a fix is available in 4.8.0.
UA 4.7 - a fix will not be provided.  Please upgrade to the latest version with
the vulnerability fixes.
UA 4.6 - a fix will not be provided.  Please upgrade to the latest version with
the vulnerability fixes.
UA 4.1 - a fix will not be provided.  Please upgrade to the latest version with
the vulnerability fixes.

X-Series XOS
XOS 11.0 - a fix is not available at this time.
XOS 10.0 - a fix will not be provided.  Please upgrade to a later version with
the vulnerability fixes.
XOS 9.7 - a fix will not be provided.  Please upgrade to a later version with
the vulnerability fixes.

References: 

CVE-2016-2183 - https://nvd.nist.gov/vuln/detail/CVE-2016-2183
CVE-2016-6329 - https://nvd.nist.gov/vuln/detail/CVE-2016-6329
Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN -
https://sweet32.info

Advisory History: 

2018-04-06 A fix to disable 3DES for SMTP alerts in SSLV 3.9 is available in
3.9.7.1.
2017-11-16 A fix for PS S-Series 11.5, 11.7, and 11.8 will not be provided. 
Please upgrade to a later version with the vulnerability fixes.
2017-11-16 A fix for SSLV 3.9 will not be provided.  Please upgrade to a later
version with the vulnerability fixes.
2017-11-15 SSLV 3.12 is not vulnerable because a fix is available in 3.12.1.1.
2017-11-13 PS S-Series 11.8 and 11.9 enable 3DES for SSL connections to Blue
Coat and LDAPS connections to PolicyCenter S-Series.  3DES cannot be disabled
for those interfaces.  PS S-Series 11.8 and 11.9 disable 3DES by default for
the web UI.  See Workarounds section for instructions to ensure that 3DES is
disabled for the web UI.
2017-11-08 CAS 2.2 enables 3DES for SSL connections to Blue Coat, Malware
Analysis, and Lastline.  It disables 3DES by default for the secure ICAP
server. 
2017-11-06 ASG 6.7 disables 3DES and Blowfish by default for the SSH management
console.  It also disables 3DES by default for the HTTPS management console,
SSL reverse proxy, and SSL device profiles.  ASG 6.7 also enables DES and 3DES
by default for the SSL forward proxy.  See Workarounds section for instructions
to disable the insecure ciphers for these interfaces.  ASG 6.7 also enables
3DES by default for connections to Blue Coat, Malware Analysis, and Lastline. 
3DES cannot be disabled.
2017-08-03 SSLV 4.1 is not vulnerable because a fix is available in 4.1.1.1.
2017-07-27 3DES is disabled for the Reporter 9.5 HTTPS management console in
9.5.3.5.
2017-07-23 MC 1.10 is not vulnerable because a fix is available in 1.10.1.1.  A
fix for MC 1.9 will not be provided.  Please upgrade to a later version with
the vulnerability fixes.
2017-07-18 Reporter 10.1 also enables 3DES for the FTPS server.  3DES cannot be
disabled.
2017-07-13 Reporter 9.4 and 9.5 enable 3DES for the HTTPS management console
and LDAPS client connections.  3DES can be disabled for both interfaces.  See
Workarounds section for instructions.  Reporter 10.1 enables 3DES for the HTTPS
management console and LDAPS client connections.  Reporter 10.1 prior to
10.1.5.4 also enables 3DES for the SSH management CLI and SSL connections to
Blue Coat.  3DES cannot be disabled.
2017-07-10 A fix for SSLV 3.11 is available in 3.11.4.1.
2017-06-27 It was previously reported that SSLV 3.9 (3.9.7.1 and later), 3.10
(3.10.2.1 and later), 3.11, and 4.0 do not enable 3DES for Host Categorization
database downloads.  Further investigation indicates that SSLV 3.9, 3.10, 3.11,
and 4.0 enable 3DES for Host Categorization.
2017-06-20 Added CVE-2016-6329 to Security Advisory.
2017-05-29 UA 4.8 is not vulnerable because a fix is available in 4.8.0.
2017-05-18 CAS 2.1 enables 3DES for SSL connections to Blue Coat, Malware
Analysis, and Lastline.  It disables 3DES by default for the secure ICAP
server.  CDP-SFDC 4.12, CDP-SNOW 4.12, CDP-COMMSVR 4.12, and CDP-INTSVR 4.12
disable 3DES by default for all SSL interfaces on newly initialized systems.
2017-03-30 MC 1.9 enables 3DES for SSL connections to Blue Coat.
2017-03-16 A fix for SSLV 3.10 is available in 3.10.2.1.
2017-03-08 ProxySG 6.7.1.1 disables 3DES and Blowfish by default for the SSH
management console.  It also disables 3DES by default for the HTTPS management
console, HTTPS reverse proxy, and SSL device profiles.  The algorithms are
disabled only for newly initialized systems - see Workarounds section for
instructions to ensure that 3DES and Blowfish are disabled after a software
upgrade.
2017-03-08 MC 1.8 enables 3DES for the management CLI, SSH failover
connections, and SSL connections to Blue Coat.  SSLV 4.0 enables 3DES for SSL
connections to Blue Coat.  3DES cannot be disabled.
2017-01-13 A fix in SSLV 3.9 is available in 3.9.7.1.
2016-12-22 initial public release
2016-12-23 SSLV 3.11 is not vulnerable because the fixes are available in
3.11.1.1.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================