
SA144 : OpenSSH Vulnerabilities January 2017

Description

### SUMMARY

Blue Coat products using affected versions of OpenSSH are susceptible to several vulnerabilities. A remote attacker with access to an SSH server can exploit these vulnerabilities to execute arbitrary code on an SSH client. A local attacker can also exploit these vulnerabilities to obtain private key information and escalate their privileges on the system.

### AFFECTED PRODUCTS

The following products are vulnerable:

**Director**

| CVE | Affected Version(s) | Remediation |
| --- | --- | --- |
| All CVEs | 6.1 | Upgrade to a version of MC with the fixes. |

**Malware Analysis Appliance (MAA)**

| CVE | Affected Version(s) | Remediation |
| --- | --- | --- |
| CVE-2016-10009, CVE-2016-10011, CVE-2016-10012 | 4.2 | Upgrade to 4.2.12. |

**Norman Shark Industrial Control System Protection (ICSP)**

| CVE | Affected Version(s) | Remediation |
| --- | --- | --- |
| All CVEs | 5.4 and later | Not vulnerable, fixed in 5.4.1 |
| All CVEs | 5.3 | Upgrade to later release with fixes. |

**Norman Shark Network Protection (NNP)**

| CVE | Affected Version(s) | Remediation |
| --- | --- | --- |
| CVE-2016-10009, CVE-2016-10012, CVE-2016-10011 | 5.3 | A fix will not be provided. |

**Norman Shark SCADA Protection (NSP)**

| CVE | Affected Version(s) | Remediation |
| --- | --- | --- |
| CVE-2016-10009, CVE-2016-10012, CVE-2016-10011 | 5.3 | A fix will not be provided. Customers who use NSP for USB cleaning can switch to a version of ICSP with fixes. |

**Security Analytics**

| CVE | Affected Version(s) | Remediation |
| --- | --- | --- |
| CVE-2016-10009, CVE-2016-10011, CVE-2016-10012 | 7.3 and later | Not vulnerable, fixed in 7.3.1. |
| CVE-2016-10009, CVE-2016-10011, CVE-2016-10012 | 7.2 | Upgrade to 7.2.3. |
| CVE-2016-10009, CVE-2016-10011, CVE-2016-10012 | 7.1 | Upgrade to later release with fixes. |
| CVE-2016-10009, CVE-2016-10011, CVE-2016-10012 | 6.6 | Upgrade to later release with fixes. |

**X-Series XOS**

| CVE | Affected Version(s) | Remediation |
| --- | --- | --- |
| CVE-2016-10009, CVE-2016-10011, CVE-2016-10012 | 9.7, 10.0, 11.0 | A fix will not be provided. |


The following products have a vulnerable version of OpenSSH, but are not vulnerable to known vectors of attack:

**Advanced Secure Gateway (ASG)**

| CVE | Affected Version(s) | Remediation |
| --- | --- | --- |
| CVE-2016-10009, CVE-2016-10011, CVE-2016-10012 | 7.1 and later | Not vulnerable, fixed in 7.1.1.1 |
| CVE-2016-10009, CVE-2016-10011, CVE-2016-10012 | 6.7 | Upgrade to 6.7.4.2. |
| CVE-2016-10009, CVE-2016-10011, CVE-2016-10012 | 6.6 | Upgrade to later release with fixes. |

**Content Analysis System (CAS)**

| CVE | Affected Version(s) | Remediation |
| --- | --- | --- |
| CVE-2016-10009, CVE-2016-10011, CVE-2016-10012 | 3.0 and later | Not vulnerable, fixed in 3.0.1.1 |
| CVE-2016-10009, CVE-2016-10011, CVE-2016-10012 | 2.4 | Upgrade to 2.4.2.1 |
| CVE-2016-10009, CVE-2016-10011, CVE-2016-10012 | 1.3, 2.1, 2.2, 2.3 | Upgrade to later release with fixes. |

**Mail Threat Defense (MTD)**

| CVE | Affected Version(s) | Remediation |
| --- | --- | --- |
| CVE-2016-10009, CVE-2016-10011, CVE-2016-10012 | 1.1 | Upgrade to a version of CAS and SMG with the fixes. |

**Management Center (MC)**

| CVE | Affected Version(s) | Remediation |
| --- | --- | --- |
| CVE-2016-10009, CVE-2016-10011, CVE-2016-10012 | 3.0 | Not vulnerable, fixed in 3.0.1.1 |
| CVE-2016-10009, CVE-2016-10011, CVE-2016-10012 | 2.4 and earlier | Upgrade to later release with fixes. |

**PacketShaper (PS) S-Series**

| CVE | Affected Version(s) | Remediation |
| --- | --- | --- |
| CVE-2016-10009, CVE-2016-10011, CVE-2016-10012 | 11.5, 11.6, 11.7, 11.8, 11.9, 11.10 | A fix will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PS S-Series. Switch to a version of SSG with the vulnerability fixes. |

**PolicyCenter (PC) S-Series**

| CVE | Affected Version(s) | Remediation |
| --- | --- | --- |
| CVE-2016-10009, CVE-2016-10011, CVE-2016-10012 | 1.1 | A fix will not be provided. Allot NetXplorer is a replacement product for PC S-Series. Switch to a version of NetXplorer with the vulnerability fixes. |

**Reporter**

| CVE | Affected Version(s) | Remediation |
| --- | --- | --- |
| CVE-2016-10009, CVE-2016-10011, CVE-2016-10012 | 10.3 and later | Not vulnerable, fixed in 10.3.1.1 |
| CVE-2016-10009, CVE-2016-10011, CVE-2016-10012 | 10.1, 10.2 | Upgrade to later release with fixes. |
| All CVEs | 9.4, 9.5 | Not vulnerable |

**SSL Visibility (SSLV)**

| CVE | Affected Version(s) | Remediation |
| --- | --- | --- |
| All CVEs | 5.0 | Not vulnerable, fixed in 5.0.2.1. |
| All CVEs | 4.5 | Not vulnerable, fixed in 4.5.1.1. |
| All CVEs | 4.0, 4.1, 4.2, 4.3, 4.4 | Upgrade to later release with fixes. |
| All CVEs | 3.12 | Upgrade to later release with fixes. |
| All CVEs | 3.11 | Upgrade to later release with fixes. |
| All CVEs | 3.10 | Upgrade to later release with fixes. |
| All CVEs | 3.9 | Upgrade to later releases with fixes. |
| All CVEs | 3.8.4FC | Upgrade to later releases with fixes. |

### ADDITIONAL PRODUCT INFORMATION

Blue Coat products do not enable or use all functionality within OpenSSH. The products listed below do not utilize the functionality described in the CVEs below and are thus not known to be vulnerable to them. However, fixes for these CVEs will be included in the patches that are provided.

* **ASG:** CVE-2016-10009, CVE-2016-10011, and CVE-2016-10012
* **CAS:** CVE-2016-10009, CVE-2016-10011, and CVE-2016-10012
* **MTD:** CVE-2016-10009, CVE-2016-10011, and CVE-2016-10012
* **MC:** CVE-2016-10009, CVE-2016-10011, and CVE-2016-10012
* **PacketShaper S-Series:** CVE-2016-10009, CVE-2016-10011, and CVE-2016-10012
* **PolicyCenter S-Series:** CVE-2016-10009, CVE-2016-10011, and CVE-2016-10012
* **Reporter 10.x:** CVE-2016-10009, CVE-2016-10011, and CVE-2016-10012
* **SSLV:** all CVEs
* **XOS 9.7:** CVE-2016-10010

The following products are not vulnerable to any of the CVEs in this advisory:

* Android Mobile Agent
* AuthConnector
* BCAAA
* Blue Coat HSM Agent for the Luna SP
* CacheFlow
* Client Connector
* Cloud Data Protection for Salesforce
* Cloud Data Protection for Salesforce Analytics
* Cloud Data Protection for ServiceNow
* Cloud Data Protection for Oracle CRM On Demand
* Cloud Data Protection for Oracle Field Service Cloud
* Cloud Data Protection for Oracle Sales Cloud
* Cloud Data Protection Integration Server
* Cloud Data Protection Communication Server
* Cloud Data Protection Policy Builder
* General Auth Connector Login Application
* IntelligenceCenter
* IntelligenceCenter Data Collector
* K9
* PacketShaper
* PolicyCenter
* ProxyAV
* ProxyAV ConLog and ConLogXP
* ProxyClient
* ProxySG
* Unified Agent
* Web Isolation

Blue Coat no longer provides vulnerability information for the following products:

* DLP

Please contact Digital Guardian technical support regarding vulnerability information for DLP.

### ISSUES

| **CVE-2016-10009** | |
| --- | --- |
| **Severity / CVSSv2** | High / 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) |
| **References** | SecurityFocus: [BID 94968](<https://www.securityfocus.com/bid/94968>) / NVD: [CVE-2016-10009](<https://nvd.nist.gov/vuln/detail/CVE-2016-10009>) |
| **Impact** | Code execution |
| **Description** | A flaw in ssh-agent allows a remote attacker with local access to an SSH server to execute arbitrary code on an SSH client host that enables agent forwarding. |

| **CVE-2016-10010** | |
| --- | --- |
| **Severity / CVSSv2** | Medium / 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C) |
| **References** | SecurityFocus: [BID 94972](<https://www.securityfocus.com/bid/94972>) / NVD: [CVE-2016-10010](<https://nvd.nist.gov/vuln/detail/CVE-2016-10010>) |
| **Impact** | Privilege escalation |
| **Description** | A flaw in the SSH daemon with privilege separation disabled allows a local attacker to escalate their privileges on the system via unspecified vectors. |

| **CVE-2016-10011** | |
| --- | --- |
| **Severity / CVSSv2** | Low / 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N) |
| **References** | SecurityFocus: [BID 94977](<https://www.securityfocus.com/bid/94977>) / NVD: [CVE-2016-10011](<https://nvd.nist.gov/vuln/detail/CVE-2016-10011>) |
| **Impact** | Information disclosure |
| **Description** | A flaw in the SSH daemon with privilege separation enabled allows a local attacker with access to a privilege-separated child process to obtain private key information. |


| **CVE-2016-10012** | |
| --- | --- |
| **Severity / CVSSv2** | High / 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) |
| **References** | SecurityFocus: [BID 94975](<https://www.securityfocus.com/bid/94975>) / NVD: [CVE-2016-10012](<https://nvd.nist.gov/vuln/detail/CVE-2016-10012>) |
| **Impact** | Privilege escalation |
| **Description** | A flaw in the SSH daemon pre-authentication compression implementation allows a local attacker with access to a sandboxed privilege-separated child process to escalate their privileges on the system. |

### MITIGATION

By default, Director does not enable privilege separation and pre-authentication compression. Customers who leave this default behavior unchanged prevent attacks against these products using CVE-2016-10010, CVE-2016-10011, and CVE-2016-10012.

By default, MAA, ICSP, NNP, and NSP do not use ssh-agent and do not enable SSH agent forwarding and pre-authentication compression. Customers who leave this default behavior unchanged prevent attacks against these products using CVE-2016-10009 and CVE-2016-10011.

By default, Security Analytics does not use ssh-agent and does not enable SSH agent forwarding and pre-authentication compression. Customers who leave this default behavior unchanged prevent attacks against these products using CVE-2016-10009 and CVE-2016-10012.

### REVISION

* 2021-08-18 A fix for CA 2.4 is available in 2.4.2.1. Advisory Status changed to Closed.
* 2021-02-17 A fix for CA 2.3 and MC 2.4 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2021-01-12 A fix for SSLV 3.10 and SSLV 3.12 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2020-11-17 A fix for MTD 1.1 will not be provided. Please upgrade to a version of CAS and SMG with the vulnerability fixes. A fix for XOS 9.7, 10.0, and 11.0 will not be provided. A fix for Director 6.1 will not be provided. Please upgrade to a version of MC with the vulnerability fixes.
* 2020-08-19 MC 3.0 is not vulnerable because a fix is available in 3.0.1.1. A fix for MC 2.3 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2020-04-27 A fix for Advanced Secure Gateway (ASG) 6.7 is available in 6.7.4.2. ASG 7.1 and later versions are not vulnerable because a fix is available in 7.1.1.1. Content Analysis (CA) 2.4 has a vulnerable version of OpenSSH, but is not vulnerable to known vectors of attack. CA 3.0 is not vulnerable because a fix is available in 3.0.1.1. Fixes will not be provided for Industrial Control System Protection (ICSP) 5.3 and SSL Visibility (SSLV) 4.4. Please upgrade to later versions with the vulnerability fixes.
* 2020-04-04 A fix for PacketShaper S-Series will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PacketShaper S-Series. Switch to a version of SSG with the vulnerability fixes. A fix for PolicyCenter S-Series will not be provided. Allot NetXplorer is a replacement product for PolicyCenter S-Series. Switch to a version of NetXplorer with the vulnerability fixes.
* 2019-10-02 Web Isolation is not vulnerable.
* 2019-09-05 A fix for MC 2.1 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2019-08-29 Reporter 10.3 and 10.4 are not vulnerable because a fix for all CVEs is available in 10.3.1.1.
* 2019-08-12 MC 2.2 and MC 2.3 have vulnerable versions of OpenSSH, but are not vulnerable to known vectors of attack. A fix for MC 2.0 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2019-08-09 SSLV 4.5 is not vulnerable because a fix is available in 4.5.1.1.
* 2019-08-07 A fix for ASG 6.6 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2019-08-06 A fix for Reporter 10.1 and 10.2 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2019-08-05 A fix for SSLV 4.3 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2019-02-04 A fix will not be provided for CA 1.3 and 2.2. Please upgrade to a later version with the vulnerability fixes.
* 2019-01-21 Security Analytics 8.0 is not vulnerable. ICSP 5.3 is vulnerable to all CVEs. ICSP 5.4 is not vulnerable because a fix is available in 5.4.1.
* 2019-01-18 SSLV 4.3 and 4.4 have a vulnerable version of OpenSSH, but are not vulnerable to known vectors of attack. SSLV 5.0 is not vulnerable because a fix is available in 5.0.2.1.
* 2019-01-14 MC 2.1 and Reporter 10.3 have vulnerable versions of OpenSSH, but are not vulnerable to known vectors of attack. A fix for MC 1.11 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2019-01-12 A fix for Security Analytics 7.1 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2019-01-11 A fix for CA 2.1 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2018-09-24 A fix for SSLV 3.8.4FC will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2018-08-03 Customers who use NSP for USB cleaning can switch to a version of Industrial Control System Protection (ICSP) with fixes.
* 2018-07-27 A fix for MA 4.2 is available in 4.2.12.
* 2018-07-26 MC 2.0 has a vulnerable version of OpenSSH, but is not vulnerable to known vectors of attack.
* 2018-06-29 A fix for Norman Shark Network Protection (NNP) 5.3 and Norman Shark SCADA Protection (NSP) 5.3 will not be provided.
* 2018-06-26 A fix for SSLV 4.1 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2018-06-25 A fix for SSLV 3.11 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2018-04-26 A fix for SSLV 4.0 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2018-04-25 A fix for XOS 9.7 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2018-04-22 CA 2.3, PacketShaper S-Series 11.10, and Reporter 10.2 have a vulnerable version of OpenSSH, but are not vulnerable to known vectors of attack.
* 2017-11-16 A fix for PS S-Series 11.5, 11.7, and 11.8 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2017-11-16 A fix for SSLV 3.9 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2017-11-15 SSLV 3.12 has a vulnerable version of OpenSSH, but is not vulnerable to known vectors of attack. A fix is not available at this time.
* 2017-11-15 SSLV 4.2 has a vulnerable version of OpenSSH, but is not vulnerable to known vectors of attack. A fix is not available at this time.
* 2017-11-09 MC 1.11 has a vulnerable version of OpenSSH, but is not vulnerable to known vectors of attack. A fix for MC 1.10 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2017-11-08 CAS 2.2 has a vulnerable version of OpenSSH, but is not vulnerable to known vectors of attack.
* 2017-11-06 ASG 6.7 has a vulnerable version of OpenSSH, but is not vulnerable to known vectors of attack.
* 2017-08-03 SSLV 4.1 has a vulnerable version of OpenSSH, but is not vulnerable to known vectors of attack. A fix is not available at this time.
* 2017-06-05 PS S-Series 11.9 has a vulnerable version of OpenSSH, but is not vulnerable to known vectors of attack.
* 2017-07-23 MC 1.10 has a vulnerable version of OpenSSH, but is not vulnerable to known vectors of attack. A fix for MC 1.9 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2017-06-22 Security Analytics 7.3 is not vulnerable.
* 2017-06-08 Reporter 10.1 has a vulnerable version of OpenSSH, but is not vulnerable to known vectors of attack. Reporter 9.4 and 9.5 are not vulnerable.
* 2017-06-05 PS S-Series 11.8 has a vulnerable version of OpenSSH, but is not vulnerable to known vectors of attack.
* 2017-05-29 A fix for Security Analytics 6.6 will not be provided. Please upgrade to a later version with the vulnerability fixes.
* 2017-05-19 CAS 2.1 has a vulnerable version of OpenSSH, but is not vulnerable to known vectors of attack.
* 2017-05-03 Director 6.1 is vulnerable to all CVEs.
* 2017-03-30 MC 1.9 has a vulnerable version of OpenSSH, but is not vulnerable to known vectors of attack.
* 2017-03-02 Initial public release


Affected Software


| Name | Version |
| --- | --- |
| director | 6 |
| malware analysis appliance (maa) | 4 |
| norman shark industrial control system protection (icsp) | 5 |
| norman shark industrial control system protection (icsp) | 5 |
| norman shark network protection (nnp) | 5 |
| norman shark scada protection (nsp) | 5 |
| security analytics | 7 |
| security analytics | 7 |
| security analytics | 7 |
| security analytics | 6 |
| x-series xos | 9 |
| x-series xos | 1 |
| x-series xos | 1 |
| advanced secure gateway (asg) | 7 |
| advanced secure gateway (asg) | 6 |
| advanced secure gateway (asg) | 6 |
| content analysis system (cas) | 3 |
| content analysis system (cas) | 2 |
| content analysis system (cas) | 1 |
| content analysis system (cas) | 2 |
| content analysis system (cas) | 2 |
| content analysis system (cas) | 2 |
| mail threat defense (mtd) | 1 |
| management center (mc) | 3 |
| management center (mc) | 2 |
| packetshaper (ps) s-series | 1 |
| packetshaper (ps) s-series | 1 |
| packetshaper (ps) s-series | 1 |
| packetshaper (ps) s-series | 1 |
| packetshaper (ps) s-series | 1 |
| packetshaper (ps) s-series | 1 |
| policycenter (pc) s-series | 1 |
| reporter | 1 |
| reporter | 1 |
| reporter | 1 |
| reporter | 9 |
| reporter | 9 |
| ssl visibility (sslv) | 5 |
| ssl visibility (sslv) | 4 |
| ssl visibility (sslv) | 4 |
| ssl visibility (sslv) | 4 |
| ssl visibility (sslv) | 4 |
| ssl visibility (sslv) | 4 |
| ssl visibility (sslv) | 4 |
| ssl visibility (sslv) | 3 |
| ssl visibility (sslv) | 3 |
| ssl visibility (sslv) | 3 |
| ssl visibility (sslv) | 3 |
| ssl visibility (sslv) | 3 |
