EUVD-2015-4543

Malware in sbrugna...

Design/Logic Flaw

Blue Coat Malware Analysis Appliance MAA before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service host reboot or reset to factory defaults, or execute arbitrary code via vector...

CVE-2015-4523

The CVE-2015-4523 issue affects the Blue Coat Malware Analysis Appliance (MAA) and Malware Analyzer G2. A vulnerability allows a VM-escaped sample to bypass VM protections and write to the host file system, potentially overwriting files and causing a reboot or factory reset; in some cases it coul...

SA136 : OpenSSH Vulnerabilities

SUMMARY Blue Coat products using affected versions of OpenSSH are susceptible to several vulnerabilities. A remote attacker, with access to the management interface, can exploit these vulnerabilities to enumerate existing user accounts and cause denial of service through excessive CPU consumption...

SA135 : OpenSSL Vulnerabilities 10-Nov-2016

SUMMARY Blue Coat products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to cause denial of service and obtain SSL/TLS session key information. AFFECTED PRODUCTS The following products are vulnerable: Director -...

SA123 : OpenSSL Vulnerabilities 3-May-2016

SUMMARY Blue Coat products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to intercept and decrypt TLS sessions, obtain arbitrary data from the target's memory stack, or execute arbitrary code through buffer...

SA117 : OpenSSL Vulnerabilities 1-Mar-2016

SUMMARY Blue Coat products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to decrypt live and recorded SSL sessions, cause denial of service through application crashes, and possibly execute arbitrary code. A...

SA114 : GNU C Library (glibc) Remote Code Execution February 2016

SUMMARY Blue Coat products using an affected version of the GNU C Library glibc are susceptible to a remote execution attack. A remote attacker can send a crafted DNS response to the glibc DNS resolver and cause the resolver to crash or execute arbitrary code. AFFECTED PRODUCTS The following...

SA111 : OpenSSL Vulnerabilities 28-Jan-2016

SUMMARY Blue Coat products using affected versions of OpenSSL 1.0.2, 1.0.1, and 0.9.8 are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to obtain ephemeral Diffie-Hellman DHE private key information and perform man-in-the-middle attacks on SSL/TLS...

SA97 : Malware Analysis Appliance VM Escape

SUMMARY The Malware Analysis Appliance MAA is vulnerable to a virtual machine escape where a sample being analyzed could change content and destination path of files being saved on the hosts file system during analysis. Correct manipulation of the path and content could lead to code execution or...

SA98 : OpenSSL Security Advisory 11-June-2015

SUMMARY Blue Coat products using affected versions of OpenSSL 1.0.2, 1.0.1, 1.0.0, and 0.9.8 are vulnerable to multiple vulnerabilities. A remote attacker may exploit these vulnerabilities to cause a denial of service, memory corruption, application crash, or downgrade in the Diffie-Hellman...

SA94 : Malware Analysis Appliance Cross-site Scripting and Information Disclosure Vulnerabilities

SUMMARY The Malware Analysis Appliance MAA is vulnerable to cross-site scripting XSS and information disclosure vulnerabilities in search.php. An attacker can use these vulnerabilities to attack the client machine via XSS, and to obtain MAA user names, sample names, and user generated data about...