Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2015.0014 Blue Coat products using glibc vulnerable to remote code execution 30 January 2015 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Blue Coat Content Analysis System Blue Coat Director Blue Coat DLP Blue Coat Malware Analysis Appliance Blue Coat Malware Analyzer G2 Blue Coat Management Center Blue Coat Norman Shark Industrial Control System Protection Blue Coat Norman Shark Network Protection Blue Coat Norman Shark SCADA Protection Blue Coat PacketShaper S-Series Blue Coat Security Analytics Blue Coat SSL Visibility Blue Coat X-Series Operating System: Network Appliance VMware ESX Server Windows Linux variants Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2015-0235 Member content until: Sunday, March 1 2015 OVERVIEW Blue Coat has identified numerous products which are affected by the "GHOST" vulnerability in glibc. [1] Affected product Version Content Analysis System (CAS) 1.2 1.1 Director 6.x DLP 9.x 8.x 7.x Malware Analysis Appliance (MAA) 4.2 4.1 Malware Analyzer G2 (MAG2) All versions Management Center (MC) 1.x Norman Shark Industrial Control 5.x System Protection (ICSP) Norman Shark Network Protection (NNP) 5.x Norman Shark SCADA Protection (NSP) 5.x PacketShaper S-Series 11.x SecureAnalytics (SA) 7.1 7.0 6.6 SSL Visibility (SSLV) 3.8 3.7 3.6 3.5 X-Series (XOS) 10.0 9.7 9.6 9.5 IMPACT Blue Coat has provided the following details regarding the vulnerability: CVE-2015-0235: "A buffer overflow exists in the GNU C Library (glibc) that allows a remote attacker to execute arbitrary code using the permissions of the application. A remote attacker could use this vulnerability to gain administrator or root access to Blue Coat products using affected versions of glibc". [1] MITIGATION Blue Coat advises that no patches are currently available for affected products. Users of Blue Coat products running glibc are advised to: 1. upgrade products to versions which are not vulnerable. 2. update glibc to version 2.18. [1] REFERENCES [1] Ghost remote code execution in glibc https://bto.bluecoat.com/security-advisory/sa90 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVMrvrxLndAQH1ShLAQKIWA/+MBDsa0kOUe3NTbKDfTTozmf+nrDzet1Q DhsGHgsP0UCyeV/T0yas1OIpkrqDD1RaqZfqXkqvkePvtNNI8q/7kBI8O2A1bR/i eSLTx8Fmk0zxB6TrR1V/YBdcv2KjR7uFT7d6Z72VsukdHvGJlx7hxSmSSj4dnpkX CNB/EiEgYpK5bB1Wt37ob12O7SFMcSOh6J0TIJHIEdkwun0XDqTT2hprC8Qjes4A 9c2RwHLRWKPqRY3s391agStHfHyn2TybqcxLrS6GoYlfUxQFlxzHrvb1e+ceCh03 Lvpo6f3NjyWZo8p9Y2F77ofpMxAwfzTZDcNbTMKd82aZ+OcQBTcK5x1ZzhnUDOUJ Vjcs5I+b/HUB3CkbfsiQrM+bIMm6oHSoI/1JQyxs1T9jgh1A0tiG2qNir0s1UBvN ukfLm24L8zeOTVFF/bpdpBkNartNYSTo+VtswjrL/ckid1Z+xTH2vAxPabSlsJZT U51ubOGIhd3fO8GVm6C0DXsjI6VhP9FK2qI3DFQMko9WXVhYFRaKx04rM+T+nLc8 w81WmpQk7yWtrt6PxWLbpH/QwabdZRKI2OyVYD4TFrqNPXN30v7Tf2DOvBbB4kzB Wp6lrjAxPQSa85MqD9TsKioERtxZm7kt0XFyARidJ7OH26Tk2Osohh2kYYoKEnP5 5Qs3QPygFLo= =ZUrP -----END PGP SIGNATURE-----