SA103 : October 2015 NTP Security Vulnerabilities

SUMMARY

Blue Coat products using affected 4.2 versions of the NTP software distribution from ntp.org are susceptible to multiple vulnerabilities. A remote attacker may exploit these vulnerabilities to cause denial of service due to application crashes, memory corruption and memory depletion. The attacker could also gain limited unauthorized write access and cause malicious code execution through a code injection attack.

AFFECTED PRODUCTS

The following products are vulnerable:

Content Analysis System

CVE |Affected Version(s)|Remediation
All CVEs except CVE-2015-7705 | 2.1 and later | Not vulnerable, fixed in 2.1.1.1
CVE-2015-7704 | 1.3 | Upgrade to 1.3.6.1.
1.1, 1.2 | Upgrade to later release with fixes.
CVE-2015-7852 | 1.3 | Upgrade to 1.3.7.3.
1.1, 1.2 | Upgrade to later release with fixes.
All CVEs except CVE-2015-7704,
CVE-2015-7705, CVE-2015-7852 | 1.3 (not vulnerable to known vectors of attack) | Upgrade to 1.3.7.3
1.1, 1.2 (not vulnerable to known vectors of attack) | Upgrade to later release with fixes.
CVE-2015-7705 | 2.4 and later | Not vulnerable, fixed in 2.3.5.1
2.3 | Upgrade to 2.3.5.1.
1.1, 1.2, 1.3, 2.1, 2.2 | Upgrade to later release with fixes.

Director

CVE |Affected Version(s)|Remediation
CVE-2015-7691, CVE-2015-7692,
CVE-2015-7701, CVE-2015-7702,
CVE-2015-7703, CVE-2015-7705,
CVE-2015-7850, CVE-2015-7852 | 6.1 | Upgrade to 6.1.22.1.

Mail Threat Defense

CVE |Affected Version(s)|Remediation
CVE-2015-7852 | 1.1 | Not available at this time

Management Center

CVE |Affected Version(s)|Remediation
CVE-2015-7704, CVE-2015-7852 | 1.8 and later | Not vulnerable, fixed in 1.8.1.1
1.7 | Upgrade to 1.7.2.1.
1.4, 1.5, 1.6 | Upgrade to later release with fixes.
CVE-2015-7691, CVE-2015-7692,
CVE-2015-7701, CVE-2015-7702,
CVE-2015-7703, CVE-2015-7705,
CVE-2015-7850 | 1.8 and later | Not vulnerable, fixed in 1.8.1.1
1.7 (not vulnerable to known vectors of attack) | Upgrade to 1.7.2.1.
1.4, 1.5, 1.6 (not vulnerable to known vectors of attack) | Upgrade to later release with fixes.

Reporter

CVE |Affected Version(s)|Remediation
CVE-2016-7704 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1
10.1 | Upgrade to 10.1.4.1.
CVE-2015-7852 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1
10.1 | Upgrade to 10.1.5.1.
CVE-2015-7691, CVE-2015-7692,
CVE-2015-7701, CVE-2015-7702,
CVE-2015-7703, | 10.2 and later (not vulnerable to known vectors of attack) | Not vulnerable, fixed in 10.2.1.1
10.1 (not vulnerable to known vectors of attack) | Upgrade to 10.1.5.1.
CVE-2015-7705 | 10.5 | Not vulnerable, fixed in 10.5.1.1
10.1, 10.2, 10.3, 10.4 (not vulnerable to known vectors of attack) | A fix will not be provided. Reporter does not enable rate limiting in the NTP daemon and is not vulnerable to known vectors of attack.
CVE-2015-7850 | 10.5 | Not vulnerable, fixed in 10.5.1.1
10.3, 10.4 (not vulnerable to known vectors of attack) | A fix will not be provided. Reporter does not enable remote configuration in the NTP daemon and is not vulnerable to known vectors of attack.
10.2 (not vulnerable to known vectors of attack) | Not vulnerable, fixed in 10.2.1.1
10.1 (not vulnerable to known vectors of attack) | Upgrade to 10.1.5.1.
All CVEs | 9.4, 9.5 | Not vulnerable

Security Analytics

CVE |Affected Version(s)|Remediation
CVE-2015-7691, CVE-2015-7692,
CVE-2015-7701, CVE-2015-7702,
CVE-2015-7703, CVE-2015-7704,
CVE-2015-7852 | 7.2 and later | Not vulnerable, fixed in 7.2.1
7.1 | Upgrade to 7.1.11.
7.0 | Upgrade to later release with fixes.
6.6 | Upgrade to 6.6.12.
CVE-2015-7850 | 7.3 starting with 7.3.2, 8.0 and later | A fix will not be provided. Security Analytics disables remote configuration by default in the NTP daemon.
7.2, 7.3.1 | Not vulnerable, fixed in 7.2.1
7.1 | Apply patch RPM available from customer support.
7.0 | Upgrade to later release with fixes.
6.6 | Apply patch RPM available from customer support.
CVE-2015-7705 | All releases | A fix will not be provided. Security Analytics disables rate limiting by default in the NTP daemon.

SSL Visibility

CVE |Affected Version(s)|Remediation
CVE-2015-7705 | 4.0 and later | Not vulnerable fixed in 4.0.1.1
CVE-2015-7704, CVE-2015-7705,
CVE-2015-7871 | 3.10 and later 3.x | Not vulnerable, fixed in 3.10.1.1
3.9 | Upgrade to 3.9.3.1.
3.8.4FC | Upgrade to 3.8.4FC-55.
3.8 | Upgrade to later release with fixes.

X-Series XOS

CVE |Affected Version(s)|Remediation
CVE-2015-7691, CVE-2015-7692,
CVE-2015-7701, CVE-2015-7702,
CVE-2015-7703, CVE-2015-7705,
CVE-2015-7850, CVE-2015-7852,
CVE-2015-7853, CVE-2015-7855 | 11.0 | Not available at this time
10.0 | Not available at this time
9.7 | Upgrade to later release with fixes.
CVE-2015-7704 | 11.0 | Not available at this time

The following products contain a vulnerable version of the NTP software distribution from ntp.org, but are not vulnerable to known vectors of attack:

Advanced Secure Gateway

CVE |Affected Version(s)|Remediation
CVE-2015-7704 | 6.7 and later | Not vulnerable, fixed in 6.7.2.1
6.6 | Upgrade to 6.6.4.1.
CVE-2015-7691, CVE-2015-7692,
CVE-2015-7701, CVE-2015-7702,
CVE-2015-7703, CVE-2015-7852 | 6.7 and later | Not vulnerable, fixed in 6.7.2.1
6.6 | Upgrade to 6.6.5.1.
CVE-2015-7850 | 6.7 and later | Not vulnerable, fixed in 6.7.2.1
6.6 | Upgrade to 6.6.5.4.
CVE-2015-7705 | 7.1 and later | Not vulnerable, fixed in 7.1.1.1
6.7 | Upgrade to 6.7.4.2.
6.6 | A fix will not be provided. ASG does not use the NTP reference implementation for time synchronization and is not vulnerable to known vectors of attack.

ADDITIONAL PRODUCT INFORMATION

Exploiting CVE-2015-7704 in Management Center requires prior social engineering or network sniffing to discover the NTP servers configured. This increases exploitation complexity and thereby reduces the CVSS v2 score. The adjusted CVSS v2 base score for CVE-2015-7704 in Management Center is:

• CVE-2015-7704 - 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:N/A:P)

In SSL Visibility, the NTP vulnerabilities can be exploited only through the same physical network port that is used by the product's management interfaces (web UI, CLD). Limiting the machines, IP addresses and subnets able to reach this physical network port reduces the threat. Also, exploiting CVE-2015-7704 and CVE-2015-7705 in SSL Visibility requires prior social engineering or network sniffing to discover the NTP servers configured. The reduced threat and increased exploitation complexity reduces the CVSS v2 scores for each CVE. The adjusted CVSS v2 base scores and severity are:

• CVE-2015-7704 - 2.9 (LOW) (AV:A/AC:M/Au:N/C:N/I:N/A:P)
• CVE-2015-7705 - 2.9 (LOW) (AV:A/AC:M/Au:N/C:N/I:N/A:P)
• CVE-2015-7871 - 4.8 (MEDIUM) (AV:A/AC:L/Au:N/C:N/I:P/A:P)

Blue Coat products do not enable or use all functionality within the NTP software distribution from ntp.org. Products that do not utilize or enable the functionality described in a CVE are not vulnerable to that CVE. However, fixes for those CVEs will be included in the patches that are provided. The following products include vulnerable versions of the NTP software distribution, but do not use the functionality described in the CVEs and are not known to be vulnerable.

• ASG 6.6: CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7850, and CVE-2015-7852
• ASG 6.7: CVE-2015-7705
• CAS: CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7705, and CVE-2015-7850
• MTD: CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7705, and CVE-2015-7850
• MC: CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7705, and CVE-2015-7850
• Reporter 10.1: CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7705, and CVE-2015-7850
• SSLV 3.x: CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7850, CVE-2015-7852, CVE-2015-7853, and CVE-2015-7855
• SSLV 4.x: CVE-2015-7705

The following products are not vulnerable:
Android Mobile Agent
AuthConnector
BCAAA
Blue Coat HSM Agent for the Luna SP
CacheFlow
Client Connector
Cloud Data Protection for Salesforce
Cloud Data Protection for Salesforce Analytics
Cloud Data Protection for ServiceNow
Cloud Data Protection for Oracle CRM On Demand
Cloud Data Protection for Oracle Field Service Cloud
Cloud Data Protection for Oracle Sales Cloud
Cloud Data Protection Integration Server
Cloud Data Protection Communication Server
Cloud Data Protection Policy Builder
General Auth Connector Login Application
IntelligenceCenter
IntelligenceCenter Data Collector
K9
Malware Analysis Appliance
Norman Shark Industrial Control System Protection
Norman Shark Network Protection
Norman Shark SCADA Protection
PacketShaper
PacketShaper S-Series
PolicyCenter
PolicyCenter S-Series
ProxyAV
ProxyAV ConLog and ConLogXP
ProxyClient
ProxySG
Unified Agent
Web Isolation

Blue Coat no longer provides vulnerability information for the following products:

DLP
Please, contact Digital Guardian technical support regarding vulnerability information for DLP.

ISSUES

CVE-2015-7691

Severity / CVSSv2 | Medium / 4.6 (AV:N/AC:H/Au:M/C:N/I:N/A:C) References| SecurityFocus: BID 77274 / NVD: CVE-2015-7691 Impact| Denial of service Description | A flaw allows an attacker to send authentication messages to the NTP daemon, causing the daemon to crash and resulting in denial of service.

CVE-2015-7692

Severity / CVSSv2 | Medium / 4.6 (AV:N/AC:H/Au:M/C:N/I:N/A:C) References| SecurityFocus: BID 77285 / NVD: CVE-2015-7692 Impact| Denial of service Description | A flaw allows an attacker to send authentication messages to the NTP daemon, causing the daemon to crash and resulting in denial of service.

CVE-2015-7701

Severity / CVSSv2 | Medium / 4.6 (AV:N/AC:H/Au:M/C:N/I:N/A:C) References| SecurityFocus: BID 77281 / NVD: CVE-2015-7701 Impact| Denial of service Description | A flaw allows an attacker to continuously send crafted packets to the NTP daemon, which eventually depletes its memory and causes a denial of service.

CVE-2015-7702

Severity / CVSSv2 | Medium / 4.6 (AV:N/AC:H/Au:M/C:N/I:N/A:C) References| SecurityFocus: BID 77286 / NVD: CVE-2015-7702 Impact| Denial of service Description | A flaw allows an attacker to send authentication messages to the NTP daemon, causing the daemon to crash and resulting in denial of service.

CVE-2015-7703

Severity / CVSSv2 | Medium / 6.2 (AV:N/AC:H/Au:M/C:N/I:C/A:C) References| SecurityFocus: BID 77278 / NVD: CVE-2015-7703 Impact| Unauthorized modification of data Description | A flaw allows an attacker to send configuration requests to the NTP daemon, causing the daemon to potentially overwrite internal files.

CVE-2015-7704

Severity / CVSSv2 | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) References| SecurityFocus: BID 77280 / NVD: CVE-2015-7704 Impact| Denial of service Description | A flaw allows an attacker to send Kiss-of-Death packets to the NTP daemon, causing it to stop its communication with a remote NTP server. The attacker must know the remote servers that the NTP daemon is communicating with.

CVE-2015-7705

Severity / CVSSv2 | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) References| SecurityFocus: BID 77284 / NVD: CVE-2015-7705 Impact| Denial of service Description | A flaw allows an attacker to send Kiss-of-Death packets to the NTP daemon, causing it to rate limit its communication with a remote NTP server. The attacker must know the remote servers that the NTP daemon is communicating with.

CVE-2015-7848

Severity / CVSSv2 | Medium / 4.6 (AV:N/AC:H/Au:M/C:N/I:N/A:C) References| SecurityFocus: BID 77275 / NVD: CVE-2015-7848 Impact| Denial of service Description | A flaw allows an attacker to send crafted query requests to the NTP daemon, causing the daemon to crash and resulting in a denial of service.

CVE-2015-7849

Severity / CVSSv2 | Medium / 6.8 (AV:N/AC:H/Au:M/C:C/I:C/A:C) References| SecurityFocus: BID 77276 / NVD: CVE-2015-7849 Impact| Denial of service, code execution Description | A flaw allows an attacker to send crafted configuration requests to the NTP daemon, causing the daemon to crash or execute malicious code.

CVE-2015-7850

Severity / CVSSv2 | Medium / 4.6 (AV:N/AC:H/Au:M/C:N/I:N/A:C) References| SecurityFocus: BID 77279 / NVD: CVE-2015-7850 Impact| Denial of service Description | A flaw allows an attacker to send crafted configuration requests to the NTP daemon, causing the daemon to crash or create a large log file, and resulting in a denial of service.

CVE-2015-7851

Severity / CVSSv2 | Medium / 5.2 (AV:N/AC:H/Au:M/C:N/I:P/A:C) References| SecurityFocus: BID 77282 / Red Hat: CVE-2015-7851 Impact| Unauthorized modification of data Description | A flaw allows an attacker to send crafted configuration requests to the NTP daemon running on the VMS operating system, and cause the daemon to overwrite internal files.

CVE-2015-7852

Severity / CVSSv2 | Medium / 4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P) References| SecurityFocus: BID 77288 / NVD: CVE-2015-7852 Impact| Denial of service Description | A flaw allows an attacker to sent crafted query responses to the ntpq query tool and cause ntpq to crash.

CVE-2015-7853

Severity / CVSSv2 | Medium / 5.9 (AV:L/AC:H/Au:M/C:C/I:C/A:C) References| SecurityFocus: BID 77273 / NVD: CVE-2015-7853 Impact| Code execution, denial of service Description | A flaw allows an attacker to cause a buffer overflow in the NTP daemon through a malicious reference clock driver. The buffer overflow can result in malicious code execution, or in a memory corruption and denial of service.

CVE-2015-7854

Severity / CVSSv2 | Medium / 6.8 (AV:N/AC:H/Au:M/C:C/I:C/A:C) References| SecurityFocus: BID 77277 / NVD: CVE-2015-7854 Impact| Denial of service Description | A flaw allows an attacker to send crafted configuration requests to the NTP daemon, causing the daemon to crash and resulting in a denial of service.

CVE-2015-7855

Severity / CVSSv2 | Medium / 4.6 (AV:N/AC:H/Au:M/C:N/I:N/A:C) References| SecurityFocus: BID 77283 / NVD: CVE-2015-7855 Impact| Denial of service Description | A flaw allows an attacker to send crafted query requests to the NTP daemon, causing the daemon to crash and resulting in a denial of service.

CVE-2015-7871

Severity / CVSSv2 | Medium / 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P) References| SecurityFocus: BID 77287 / NVD: CVE-2015-7871 Impact| Unauthorized modification of system time Description | A flaw allows an attacker to send crypto-NAK messages to the NTP daemon, causing the daemon to synchronize the system time to a malicious time server without authenticating it.

MITIGATION

These vulnerabilities can be exploited only through the management network port for CAS, Director, Management Center, Reporter 10.1, and X-Series XOS. Allowing only machines, IP addresses and subnets from a trusted network to access to the management network port reduces the threat of exploiting the vulnerabilities.

By default, Director, Security Analytics and X-Series XOS do not enable the rate limiting, autokey, remote configuration, remote querying, and custom reference clock features in their NTP software. X-Series XOS also does not enable rate limiting. Customers who leave these NTP features disabled prevent attacks against these products using the following vulnerabilities:

• Director: CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, and CVE-2015-7850.
• Security Analytics: CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7705, and CVE-2015-7850.
• X-Series XOS: CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7705, CVE-2015-7850, CVE-2015-7853, and CVE-2015-7855.

REFERENCES

NTP Project Security Notice - <https://support.ntp.org/bin/view/Main/SecurityNotice&gt;

REVISION

2020-04-26 A fix for CVE-2015-7705 in ASG 6.7 is available in 6.7.4.2. ASG 7.1 and later versions are not vulnerable because a fix is available in 7.1.1.1.
2020-04-20 A fix for CVE-2015-7705 in CA 2.3 is available in 2.3.5.1. CA 2.4 is not vulnerable because a fix is available in 2.4.1.1. Reporter 10.5 is not vulnerable because a fix is available in 10.5.1.1. Fixes for CVE-2018-7850 in Security Analytics 7.3, 8.0, and 8.1 will not be provided. Security Analytics be default does not enable remote configuration in the NTP daemon. Customers who leave remote configuration disabled prevent attacks using CVE-2015-7850 against Security Analytics. Advisory status moved to Closed.
2020-04-18 Security Analytics 8.1 is vulnerable to CVE-2018-7850.
2019-10-02 Web Isolation is not vulnerable.
2019-08-29 Reporter 10.3 and 10.4 have vulnerable versions of the NTP software distribution from ntp.org for CVE-2015-7705 and CVE-2015-7850, but are not vulnerable to known vectors vectors of attack. Fixes for CVE-2015-7705 and CVE-2015-7850 will not be provided for Reporter 10.3 and 10.4.
2019-01-20 SA 7.3 starting with 7.3.2 and 8.0 are vulnerable to CVE-2015-7850. A fix for CVE-2015-7705 in SA 8.0 will not be provided. Rate limiting is disabled by default in the NTP daemon.
2019-01-18 SSLV 4.x is not vulnerable to CVE-2015-7705 because a fix is available in 4.0.1.1.
2019-01-14 A fix for CVE-2015-7705 for MC 1.x is available in 1.7.2.1.
2018-04-22 CAS 2.3 has a vulnerable version of the NTP software distribution from ntp.org, but is not vulnerable to known vectors of attack.
2017-11-08 CAS 2.2 has a vulnerable version of NTP software distribution from ntp.org for CVE-2015-7705, but is not vulnerable to known vectors of attack. A fix for CVE-2015-7705 in CAS 2.2 will not be provided. CAS 2.2 does not enable rate limiting in the NTP daemon and is not vulnerable to known vectors of attack.
2017-11-07 MC 1.8 and later releases have a vulnerable version of NTP software distribution from ntp.org for CVE-2015-7705. A fix will not be provided. MC does not enable rate limiting in the NTP daemon and is not vulnerable to known vectors of attack.
2017-11-06 ASG 6.7 has a vulnerable version of the NTP software distribution from ntp.org for CVE-2015-7705. Fixes will not be provided. ASG 6.7 does not use the NTP software distribution from ntp.org for time synchronization and is not vulnerable to known vectors of attack for CVE-2015-7705.
2017-11-04 It was previously reported that SSLV 4.0 and 4.1 are not vulnerable. Futher investigtion indicates that SSLV 4.x has a vulnerable version of the NTP software distribution from ntp.org for CVE-2015-7705. Fixes will not be provided. SSLV 4.x does not enable rate limiting in the NTP daemon and is not vulnerable to known vectors of attack.
2017-08-02 SSLV 4.1 is not vulnerable.
2017-07-20 MC 1.10 has a vulnerable version of NTP software distribution from ntp.org for CVE-2015-7705, but is not vulnerable to known vectors of attack. A fix for CVE-2015-7705 in MC 1.9 will not be provided. MC 1.9 does not enable rate limiting in the NTP daemon and is not vulnerable to known vectors of attack.
2017-07-14 A fix for CVE-2017-7705 will not be provided for ASG, CAS, MC, Reporter, and Security Analytics. ASG does not use the NTP reference implementation for time synchronization. CAS, MC, and Reporter do not enable rate limiting in the NTP daemon. Thus, these products are not vulnerable to known vectors of attack for CVE-2017-7705. Security Analytics does not enable rate limiting by default in the NTP daemon. Customers who keep it disabled prevent attacks against Security Analytics using CVE-2015-7705.
2017-06-22 A fix for all CVEs in Security Analytics 7.2 is available in 7.2.2. Security Analytics 7.3 is not vulnerable.
2017-05-17 CAS 2.1 is not vulnerable.
2017-03-30 MC 1.8 and 1.9 have a vulnerable version of NTP software distribution from ntp.org for CVE-2015-7705, but are not vulnerable to known vectors of attack.
2017-03-29 A fix for all CVEs except CVE-2015-7705 in ASG 6.6 is available in 6.6.5.4.
2017-03-08 A fix for Director is available in 6.1.22.1.
2017-03-06 SSLV 4.0 is not vulnerable. Vulnerability inquiries for DLP should be addressed to Digital Guardian technical support.
2017-01-24 A fix for all CVEs except CVE-2015-7705 in CAS 1.3 is available in 1.3.7.3.
2017-01-10 A fix for all CVEs except CVE-2015-7705 in Reporter 10.1 is available in 10.1.5.1.
2016-12-04 SSLV 3.11 is not vulnerable.
2016-11-17 Cloud Data Protection for Oracle Field Service Cloud is not vulnerable.
2016-11-14 A fix for all CVEs except CVE-2015-7705 in MC 1.7 is available in 1.7.2.1.
2016-11-11 SSLV 3.10 is not vulnerable.
2016-09-22 MC 1.6 and 1.7 are vulnerable to CVE-2015-7852. Fixes for MC 1.5 and 1.6 will not be provided. Please upgrade to the latest version with the vulnerability fix.
2016-09-01 A fix for SSLV 3.8.4FC is available in 3.8.4FC-55.
2016-08-12 A fix for all CVEs except CVE-2015-7705 in Security Analytics is available in 7.2.1. A fix for CVE-2015-7705 will not be provided. Rate limiting is disabled by default in the Security Analytics NTP software. Customers who keep it disabled prevent attacks using CVE-2015-7705.
2016-07-18 A fix for CVE-2015-7850 in Security Analytics 6.6 and 7.1 is available through a patch RPM from customer support. A fix for CVE-2015-7705 will not be provided. Rate limiting is disabled by default in the Security Analytics NTP software. Customers who keep it disabled prevent attacks using CVE-2015-7705.
2016-06-23 A fix for CVE-2015-7704 is available in ASG 6.6.4.1.
2016-06-16 PolicyCenter S-Series is not vulnerable.
2016-05-17 Fixes for all CVEs except CVE-2015-7705 and CVE-2015-7850 are available in Security Analytics 6.6.12 and 7.1.11. Previously it was reported that Security Analytics 6.6, 7.0, and 7.1 are vulnerable to CVE-2015-7848, CVE-2015-7849, CVE-2015-7853, CVE-2015-7854, and CVE-2015-7855. Further investigation indicates that Security Analytics is not vulnerable to these CVEs.
2016-05-11 No Cloud Data Protection products are vulnerable.
2016-04-23 MTD 1.1 is vulnerable to CVE-2015-7852. It also has vulnerable code for CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7705, and CVE-2015-7850, but it not vulnerable to known vectors of attack.
2016-04-21 Previously it was reported that Director is vulnerable to CVE-2015-7853 and CVE-2015-7855. It was also reported that CAS, MC, and Reporter 10.1 have vulnerable code for CVE-2015-7853 and CVE-2015-7855. New information indicates that CAS, Director, MC, and Reporter 10.1 are not vulnerable to these CVEs.
2016-04-15 Previously it was reported that CAS 1.x and Reporter 10.1 are vulnerable to CVE-2015-7705. New information indicates that CAS 1.x and Reporter 10.1 have vulnerable code, but do not enable NTP rate limiting and are not vulnerable to known vectors of attack.
2016-04-01 A fix for CVE-2015-7704 in Reporter 10.1 is available in 10.1.4.1. Reporter 9.4 and 9.5 are not vulnerable.
2016-03-14 A fix for CVE-2015-7704 in CAS 1.3 is available in 1.3.6.1.
2016-02-12 A fix for MC 1.4 will not be provided. Please upgrade to the latest version that has the vulnerability fix.
2016-02-11 Clarified that only Reporter 10.1 is vulnerable or has vulnerable code for the NTP vulnerabilities addressed in this Security Advisory. Reporter 9.4 and 9.5 are not vulnerable.
2016-02-04 New information indicates that X-Series XOS by default does not enable rate limiting in its NTP daemon. Customers who leave rate limiting disabled prevent attacks against XOS using CVE-2015-7705.
2016-01-22 A fix for SSLV 3.9 is available. A fix for SSLV 3.8 will not be provided.
2016-01-15 Previously, it was reported that MC 1.4 is vulnerable to CVE-2015-7705. New information has shown that MC 1.4 has vulnerable code, but does not use the vulnerable functionality, and so is not known to be vulnerable. A new release MC 1.5 is vulnerable to CVE-2015-7852.
2015-12-21 CAS, MC, Reporter 10.1, and SSLV have vulnerable NTP software, but do not use the vulnerable functionality and are not known to be vulnerable. The vulnerable software will be patched in future releases.
2015-12-09 Reporter 10.1 is vulnerable.
2015-12-07 PacketShaper S-Series is not vulnerable.
2015-12-01 Blue Coat HSM Agent for the Luna SP is not vulnerable.
2015-11-24 initial public release