
SA134 : Linux Kernel Vulnerabilities Oct/Nov 2016

Description

### SUMMARY

Blue Coat products that include a vulnerable version of the Linux kernel are susceptible to several vulnerabilities. A remote attacker, with access to the management interface, can exploit these vulnerabilities to cause denial of service through system crashes or have unspecified other impact. A local attacker can also escalate their privileges on the system (aka Dirty COW).

### AFFECTED PRODUCTS

The following products are vulnerable:

**Content Analysis System (CAS)**

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-7039 | 2.2 and later | Not vulnerable, fixed in 2.2.1.1 |
| CVE-2016-7039 | 2.1 | Upgrade to later release with fixes. |
| CVE-2016-7039 | 1.3 | Upgrade to 1.3.7.5. |

**Director**

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-5195, CVE-2016-9555 | 6.1 | Not available at this time |

**Malware Analysis Appliance (MAA)**

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-5195 | 4.2 | Upgrade to 4.2.11. |
| CVE-2016-7039, CVE-2016-8666, CVE-2016-9555 | 4.2 | Upgrade to 4.2.12. |

**Mail Threat Defense (MTD)**

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-7039 | 1.1 | Not available at this time |

**Management Center (MC)**

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-7039 | 1.9 and later | Not vulnerable, fixed in 1.9.1.1 |
| CVE-2016-7039 | 1.8 | Upgrade to later release with fixes. |
| CVE-2016-7039 | 1.7 | Upgrade to later release with fixes. |

**Norman Shark Industrial Control System Protection (ICSP)**

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-5195, CVE-2016-8666, CVE-2016-9555 | 5.4 and later | Not vulnerable, fixed in 5.4.1 |
| CVE-2016-5195, CVE-2016-8666, CVE-2016-9555 | 5.3 | Not available at this time |

**Norman Shark Network Protection (NNP)**

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-5195, CVE-2016-8666, CVE-2016-9555 | 5.3 | A fix will not be provided. |

**Norman Shark SCADA Protection (NSP)**

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-5195, CVE-2016-8666, CVE-2016-9555 | 5.3 | A fix will not be provided. |

Customers who use NSP for USB cleaning can switch to a version of ICSP with fixes.

**Reporter**

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-7039 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1 |
| CVE-2016-7039 | 10.1 | Upgrade to 10.1.5.4. |
| CVE-2016-7039 | 9.5 | Not vulnerable |
| CVE-2016-7039 | 9.4 | Not vulnerable |

**Security Analytics (SA)**

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| All CVEs | 7.3 and later | Not vulnerable, fixed in 7.3.1 |
| CVE-2016-5195 | 7.2 | Upgrade to 7.2.2. |
| CVE-2016-5195 | 6.6, 7.1 | Upgrade to later release with fixes. |
| CVE-2016-9555 | 7.2 | Upgrade to 7.2.3. |
| CVE-2016-9555 | 6.6, 7.1 | Upgrade to later release with fixes. |

**SSL Visibility (SSLV)**

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| All CVEs | 4.1 and later | Not vulnerable, fixed in 4.1.1.1 |
| All CVEs | 3.12 | Not vulnerable, fixed in 3.12.1.1 |
| CVE-2016-7039 | 4.0 | Upgrade to later release with fixes. |
| CVE-2016-5195 | 3.11 (not vulnerable to known vectors of attack) | Not vulnerable, fixed in 3.11.1.1 |
| CVE-2016-5195 | 3.10 (not vulnerable to known vectors of attack) | Upgrade to 3.10.2.1. |
| CVE-2016-5195 | 3.9 (not vulnerable to known vectors of attack) | Upgrade to 3.9.7.1. |
| CVE-2016-5195 | 3.8.4FC (not vulnerable to known vectors of attack) | Upgrade to later release with fixes. |
| CVE-2016-9555 | 3.11 (not vulnerable to known vectors of attack) | Upgrade to 3.11.3.1. |
| CVE-2016-9555 | 3.10 (not vulnerable to known vectors of attack) | Not available at this time |
| CVE-2016-9555 | 3.9 (not vulnerable to known vectors of attack) | Upgrade to later release with fixes. |
| CVE-2016-9555 | 3.8.4FC (not vulnerable to known vectors of attack) | Upgrade to later release with fixes. |

**X-Series XOS**

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-5195 | 11.0 | Not available at this time |
| CVE-2016-5195 | 10.0 | Not available at this time |
| CVE-2016-5195 | 9.7 | Upgrade to later release with fixes. |

The following products have a vulnerable version of the Linux kernel, but are not vulnerable to known vectors of attack:

**Advanced Secure Gateway (ASG)**

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-5195, CVE-2016-9555 | 6.7 and later | Not vulnerable, fixed in 6.7.2.1 |
| CVE-2016-5195, CVE-2016-9555 | 6.6 | Upgrade to 6.6.5.8. |

**PacketShaper (PS) S-Series**

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-5195, CVE-2016-9555 | 11.9 and later | Not vulnerable, fixed in 11.9.1.1 |
| CVE-2016-5195, CVE-2016-9555 | 11.7, 11.8 | Upgrade to later release with fixes. |
| CVE-2016-5195, CVE-2016-9555 | 11.6 | Upgrade to 11.6.4.2. |
| CVE-2016-5195, CVE-2016-9555 | 11.5 | Upgrade to later release with fixes. |

**PolicyCenter (PC) S-Series**

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-5195, CVE-2016-9555 | 1.1 | Upgrade to 1.1.4.2. |

### ADDITIONAL PRODUCT INFORMATION

Blue Coat products that use a native installation of the Linux kernel but do not install or maintain the kernel are not vulnerable to the attacks using the CVEs in this Security Advisory. However, the underlying platform that installs and maintains the Linux kernel may be vulnerable. Blue Coat urges our customers to update the versions of the Linux kernel that are natively installed for Client Connector, Cloud Data Protection, ProxyClient, and Reporter 9.x for Linux.

Some Blue Coat products do not provide Linux shell access, do not execute arbitrary code from external sources, or do not act as an SCTP server. The products listed below do not utilize the functionality described in the CVEs below and are thus not known to be vulnerable to them. However, fixes for these CVEs will be included in the patches that are provided.

* **ASG:** CVE-2016-5195 (Dirty COW) and CVE-2016-9555
* **CAS:** CVE-2016-5195 (Dirty COW) (1.3 only) and CVE-2016-9555
* **MTD:** CVE-2016-5195 (Dirty COW) and CVE-2016-9555
* **MC:** CVE-2016-5195 (Dirty COW) and CVE-2016-9555
* **PacketShaper S-Series:** CVE-2016-5195 (Dirty COW) and CVE-2016-9555
* **PolicyCenter S-Series:** CVE-2016-5195 (Dirty COW) and CVE-2016-9555
* **Reporter:** CVE-2016-5195 (Dirty COW)
* **SSL Visibility:** CVE-2016-5195 (Dirty COW) (3.x only) and CVE-2016-9555
* **XOS:** CVE-2016-9555

The following products are not vulnerable:

* Android Mobile Agent
* AuthConnector
* BCAAA
* Blue Coat HSM Agent for the Luna SP
* CacheFlow
* Client Connector
* Cloud Data Protection for Salesforce
* Cloud Data Protection for Salesforce Analytics
* Cloud Data Protection for ServiceNow
* Cloud Data Protection for Oracle CRM On Demand
* Cloud Data Protection for Oracle Field Service Cloud
* Cloud Data Protection for Oracle Sales Cloud
* Cloud Data Protection Integration Server
* Cloud Data Protection Communication Server
* Cloud Data Protection Policy Builder
* General Auth Connector Login Application
* IntelligenceCenter
* IntelligenceCenter Data Collector
* K9
* PacketShaper
* PolicyCenter
* ProxyClient
* ProxyAV
* ProxyAV ConLog and ConLogXP
* ProxySG
* Unified Agent
* Web Isolation

Blue Coat no longer provides vulnerability information for the following products:

* DLP

Please contact Digital Guardian technical support regarding vulnerability information for DLP.

### ISSUES

| CVE-2016-5195 | |
|---|---|
| **Severity / CVSSv2** | High / 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) |
| **References** | SecurityFocus: [BID 93793](<https://www.securityfocus.com/bid/93793>) / NVD: [CVE-2016-5195](<https://nvd.nist.gov/vuln/detail/CVE-2016-5195>) |
| **Impact** | Privilege escalation |
| **Description** | A race condition in the memory manager copy-on-write (COW) functionality allows a local attacker to write to read-only memory mappings and escalate their privileges on the system. |

| CVE-2016-7039 | |
|---|---|
| **Severity / CVSSv2** | High / 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) |
| **References** | SecurityFocus: [BID 93476](<https://www.securityfocus.com/bid/93476>) / NVD: [CVE-2016-7039](<https://nvd.nist.gov/vuln/detail/CVE-2016-7039>) |
| **Impact** | Denial of service |
| **Description** | An unbound recursion flaw in VLAN and Transparent Ethernet Bridging (TEB) Generic Receive Offload (GRO) handling allows a remote attacker to send large crafted packets and cause a system crash, resulting in denial of service. |

| CVE-2016-8666 | |
|---|---|
| **Severity / CVSSv2** | High / 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) |
| **References** | SecurityFocus: [BID 93562](<https://www.securityfocus.com/bid/93562>) / NVD: [CVE-2016-8666](<https://nvd.nist.gov/vuln/detail/CVE-2016-8666>) |
| **Impact** | Denial of service |
| **Description** | An unbound recursion flaw in Generic Receive Offload (GRO) handling allows a remote attacker to send crafted packets with tunnel stacking and cause a system crash, resulting in denial of service. |

| CVE-2016-9555 | |
|---|---|
| **Severity / CVSSv2** | High / 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) |
| **References** | SecurityFocus: [BID 94479](<https://www.securityfocus.com/bid/94479>) / NVD: [CVE-2016-9555](<https://nvd.nist.gov/vuln/detail/CVE-2016-9555>) |
| **Impact** | Denial of service, unspecified impact |
| **Description** | A buffer overread flaw in SCTP packet handling allows a remote attacker to send crafted SCTP packets and cause denial of service or have unspecified other impact. |

### MITIGATION

CVE-2016-7039, CVE-2016-8666, and CVE-2016-9555 can be exploited only through the management interfaces for all vulnerable products. Allowing only machines, IP addresses and subnets from a trusted network to access the management interface reduces the threat of exploiting the vulnerabilities.

By default, Director and Security Analytics do not act as an SCTP server. Customers who leave this behavior unchanged prevent attacks using CVE-2016-9555 against these products.

### REFERENCES

Dirty COW - <https://dirtycow.ninja/>

### REVISION

* 2020-04-23 Advisory status moved to Closed.
* 2020-04-04 A fix for PolicyCenter S-Series is available in 1.1.4.2.
* 2019-10-02 Web Isolation is not vulnerable.
* 2019-01-28 SA 8.0 is not vulnerable. ICSP 5.4 is not vulnerable because a fix is available in 5.4.1.
* 2019-01-12 A fix for Security Analytics 7.1 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2019-01-11 A fix for CAS 2.1 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2018-09-24 A fix for SSLV 3.8.4FC will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2018-08-07 A fix for CVE-2016-7039, CVE-2016-8666, and CVE-2016-9555 for MA is available in 4.2.12.
* 2018-08-03 Customers who use NSP for USB cleaning can switch to a version of Industrial Control System Protection (ICSP) with fixes.
* 2018-06-29 A fix for Norman Shark Network Protection (NNP) 5.3 and Norman Shark SCADA Protection (NSP) 5.3 will not be provided.
* 2018-04-26 A fix for SSLV 4.0 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2018-04-25 A fix for XOS 9.7 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2018-04-22 CA 2.3 is not vulnerable. A fix for PacketShaper S-Series 11.6 is available in 11.6.4.2. PacketShaper S-Series 11.10 is not vulnerable.
* 2017-11-16 A fix for PacketShaper S-Series 11.5, 11.7, and 11.8 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2017-11-15 SSLV 3.12 is not vulnerable because a fix is available in 3.12.1.1.
* 2017-11-08 CAS 2.2 is not vulnerable because a fix is available in 2.2.1.1.
* 2017-11-06 ASG 6.7 is not vulnerable because a fix is available in 6.7.2.1.
* 2017-08-03 SSLV 4.1 is not vulnerable because a fix is available in 4.1.1.1.
* 2017-07-25 PS S-Series 11.9 is not vulnerable because a fix is available in 11.9.1.1.
* 2017-07-20 MC 1.10 is not vulnerable.
* 2017-06-22 Security Analytics 7.3 is not vulnerable.
* 2017-06-22 A fix for all CVEs in Reporter 10.1 is available in 10.1.5.4.
* 2017-06-05 PS S-Series 11.8 has a vulnerable version of the Linux kernel. A fix is not available at this time.
* 2017-05-29 A fix for Security Analytics 6.6 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2017-05-26 A fix for CAS 1.3 is available in 1.3.7.5.
* 2017-05-19 A fix for ASG 6.6 is available in 6.6.5.8.
* 2017-05-18 CAS 2.1 is vulnerable to CVE-2016-7039. It also has a vulnerable version of the Linux kernel for CVE-2016-9555, but is not vulnerable to known vectors of attack.
* 2017-04-12 A fix for CVE-2016-9555 in SSLV 3.11 is available in 3.11.3.1.
* 2017-03-30 It was previously reported that CAS, MTD, MC, Reporter 10.1, and SSLV 4.0 are vulnerable to CVE-2016-8666. Further investigation indicates that these products are not vulnerable to CVE-2016-8666. MC 1.9 is not vulnerable because a fix for all CVEs is available in 1.9.1.1.
* 2017-03-16 A fix for CVE-2016-5195 in SSLV 3.10 is available in 3.10.2.1.
* 2017-03-09 A fix for all CVEs in Security Analytics 7.2 is available in 7.2.3.
* 2017-03-08 MC 1.8 and SSLV 4.0 are vulnerable to CVE-2016-7039 and CVE-2016-8666.
* 2017-01-25 It was previously reported that Security Analytics 6.6, 7.1, and 7.2 are vulnerable to CVE-2016-7039 and CVE-2016-8666. Further investigation indicates that Security Analytics is not vulnerable. Fixes for CVE-2016-5195 (Dirty COW) in SA 6.6 and 7.1 are not available at this time.
* 2017-01-13 A fix for CVE-2016-5195 in SSLV 3.9 is available in 3.9.7.1.
* 2016-12-19 A fix for CVE-2016-5195 (Dirty COW) in MAA 4.2 is available in 4.2.11.
* 2016-12-08 Initial public release

