SA120 : Truncated Diffie-Hellman Secret Generation in libssh2

Security Advisory ID: SA120
Published Date: Apr 28, 2016
Advisory Status: Interim
Advisory Severity: Medium
CVSS v2 base score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE Number: CVE-2016-0787 - 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Blue Coat products that include affected versions of libssh2 are susceptible to a truncated Diffie-Hellman secret length vulnerability.  A remote man-in-the-middle (MITM) attacker can exploit this vulnerability to intercept SSH connections that originate from Blue Coat products. The MITM attacker can read and modify the data encrypted in the intercepted SSH connections.

Affected Products:

The following products are vulnerable:

Advanced Secure Gateway
ASG 6.6 prior to 6.6.5.1 is vulnerable.

Content Analysis System
CAS 1.2 and 1.3 prior to 1.3.7.1 are vulnerable.  CAS 2.1 is not vulnerable.

Director
Director 6.1 prior to 6.1.23.1 is vulnerable.

Mail Threat Defense
MTD 1.1 is vulnerable.

Reporter
Reporter 10.1 prior to 10.1.4.2 is vulnerable.  Reporter 9.4 and 9.5 are not vulnerable.

Security Analytics
SA 6.6, 7.0, and 7.1 are vulnerable.  SA 7.2 and 7.3 are not vulnerable.

X-Series XOS
XOS 10.0 prior to 10.0.6 and 11.0 prior to 11.0.2 are vulnerable.  XOS 9.7 is not vulnerable.

The following products have a vulnerable version of libssh2, but are not vulnerable to known vectors of attack:

Management Center
MC 1.5 has a vulnerable version of libssh2.  MC 1.6, 1.7, 1.8, 1.9 and 1.10 are not vulnerable.

PacketShaper S-Series
PS S-Series 11.2, 11.3, 11.4, and 11.5 prior to 11.5.3.2 have a vulnerable version of libssh2.  PS S-Series 11.6, 11.7, 11.8 and 11.9 are not vulnerable.

PolicyCenter S-Series
PC S-Series 1.1 prior to 1.1.2.2 has a vulnerable version of libssh2.

The following products are not vulnerable:

Android Mobile Agent
AuthConnector
BCAAA
Blue Coat HSM Agent for the Luna SP
CacheFlow
Client Connector
Cloud Data Protection for Salesforce
Cloud Data Protection for Salesforce Analytics
Cloud Data Protection for ServiceNow
Cloud Data Protection for Oracle CRM On Demand
Cloud Data Protection for Oracle Field Service Cloud
Cloud Data Protection for Oracle Sales Cloud
Cloud Data Protection Integration Server
Cloud Data Protection Communication Server
Cloud Data Protection Policy Builder
General Auth Connector Login Application
IntelligenceCenter
IntelligenceCenter Data Collector
K9
Malware Analysis Appliance
Norman Shark Industrial Control System Protection
Norman Shark Network Protection
Norman Shark SCADA Protection
PacketShaper
PolicyCenter
ProxyClient
ProxyAV
ProxyAV ConLog and ConLogXP
ProxySG
SSL Visibility
Unified Agent

Blue Coat no longer provides vulnerability information for the following products:

DLP
Please contact Digital Guardian technical support for vulnerability information about DLP.

Advisory Details: 

This Security Advisory addresses a truncated Diffie-Hellman (DH) secret generation flaw in the SSH client implementation of the libssh2 library (CVE-2016-0787).  Blue Coat products that include a vulnerable version of libssh2 and use it for SSH client connections are vulnerable.

The Diffie-Hellman key exchange module in libssh2 truncates the number of random bits generated for ephemeral DH secrets to 1/8th the intended number of random bits (128 bits instead of 1024 bits, or 256 bits instead of 2048 bits).  As a result, the strength of the ephemeral DH secret is drastically reduced.  The affected key exchange methods in libssh2 are:

  • diffie-hellman-group1-sha1
  • diffie-hellman-group14-sha1
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group-exchange-sha256

A remote man-in-the-middle (MITM) attacker can exploit the truncated ephemeral DH secret to intercept, decrypt, and modify SSH client connections on Blue Coat products.
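
The following is an added illustration, not code from libssh2 or from Blue Coat. It models the 1/8 truncation as a byte count passed to a routine that expects a bit count (the units mix-up that yields exactly that ratio) and shows a length check that would catch it. The function names are hypothetical, and only the two fixed-group methods are modelled.

```python
import secrets

# Intended ephemeral-secret sizes in bits, as stated in the advisory.
INTENDED_BITS = {
    "diffie-hellman-group1-sha1": 1024,
    "diffie-hellman-group14-sha1": 2048,
}


def rand_exponent(nbits: int) -> int:
    """Random integer of exactly nbits bits. The argument is a BIT count."""
    return secrets.randbits(nbits - 1) | (1 << (nbits - 1))


def ephemeral_secret(method: str, units_bug: bool) -> int:
    """Generate the DH private exponent x for a key exchange method.

    With units_bug=True the group size in BYTES is handed to rand_exponent(),
    which reads it as bits, so x has 1/8 of the intended length.
    """
    group_bytes = INTENDED_BITS[method] // 8
    requested = group_bytes if units_bug else group_bytes * 8
    return rand_exponent(requested)


def strength_bound_bits(x_bits: int) -> int:
    """Upper bound on security from exponent length alone.

    Generic square-root discrete-log methods need about 2^(x_bits/2) group
    operations against a short exponent; the group itself may be weaker.
    """
    return x_bits // 2


def exponent_length_ok(method: str, x: int, slack_bits: int = 8) -> bool:
    """Defensive self-test: reject an exponent far shorter than intended."""
    return x.bit_length() >= INTENDED_BITS[method] - slack_bits


if __name__ == "__main__":
    for method, want in INTENDED_BITS.items():
        for bug in (True, False):
            x = ephemeral_secret(method, units_bug=bug)
            print(f"{method:30} bug={bug!s:5} intended={want:4} "
                  f"actual={x.bit_length():4} "
                  f"bound=2^{strength_bound_bits(x.bit_length())} "
                  f"ok={exponent_length_ok(method, x)}")
```

A length assertion of this kind belongs in a library's key exchange unit tests, where a units error shows up immediately rather than in the field.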

The products listed below have a vulnerable version of libssh2, but do not utilize it for SSH client connections and are thus not known to be vulnerable.  However, libssh2 fixes will be included in the patches that are provided.

  • Management Center
  • PacketShaper S-Series
  • PolicyCenter S-Series

Workarounds: 

There are no known workarounds.

Patches: 

Advanced Secure Gateway
ASG 6.6 - a fix is available in 6.6.5.1.

Content Analysis System
CAS 1.3 - a fix is available in 1.3.7.1.
CAS 1.2 - a fix will not be provided.  Please upgrade to a later version with the vulnerability fixes.

Director
Director 6.1 - a fix is available in 6.1.23.1.

Mail Threat Defense
MTD 1.1 - a fix is not available at this time.

Management Center
MC 1.6 - a fix is available in 1.6.1.1.
MC 1.5 - a fix will not be provided.  Please upgrade to a later version with the vulnerability fixes.

PacketShaper S-Series
PS S-Series 11.5 - a fix is available in 11.5.3.2.
PS S-Series 11.4 - a fix will not be provided.  Please upgrade to a later version with the vulnerability fixes.
PS S-Series 11.3 - a fix will not be provided.  Please upgrade to a later version with the vulnerability fixes.
PS S-Series 11.2 - a fix will not be provided.  Please upgrade to a later version with the vulnerability fixes.

PolicyCenter S-Series
PC S-Series 1.1 - a fix is available in 1.1.2.2.

Reporter
Reporter 10.1 - a fix is available in 10.1.4.2.

Security Analytics
SA 7.2 - a fix is available in 7.2.1.
SA 7.1 - a fix is available through a patch RPM from Blue Coat Support.
SA 7.0 - a fix will not be provided.  Please upgrade to a later version with the vulnerability fixes.
SA 6.6 - a fix is available through a patch RPM from Blue Coat Support.

X-Series XOS
XOS 11.0 - a fix is available in 11.0.2.
XOS 10.0 - a fix is available in 10.0.6.

Advisory History: 

2017-07-24 PacketShaper S-Series 11.9 is not vulnerable.
2017-07-20 MC 1.10 is not vulnerable.
2017-06-22 Security Analytics 7.3 is not vulnerable.
2017-06-05 PacketShaper S-Series 11.8 is not vulnerable.
2017-05-18 CAS 2.1 is not vulnerable.
2017-04-30 A fix for Director 6.1 is available in 6.1.23.1.
2017-03-30 MC 1.9 is not vulnerable.
2017-03-06 MC 1.8 is not vulnerable.  Vulnerability inquiries for DLP should be addressed to Digital Guardian technical support.
2016-12-04 PacketShaper S-Series 11.7 is not vulnerable.
2016-11-17 Cloud Data Protection for Oracle Field Service Cloud is not vulnerable.
2016-10-26 A fix for ASG is available in 6.6.5.1.  A fix for Reporter 10.1 is available in 10.1.4.2.  A fix for MC 1.6 is available in 1.6.1.1.  MC 1.7 is not vulnerable.  A fix for MC 1.5 will not be provided.
2016-08-12 Security Analytics 7.2 is not vulnerable.  A fix for CAS 1.3 is available in 1.3.7.1.
2016-07-16 A fix for XOS 10.0 is available in 10.0.6.  A fix for XOS 11.0 is available in 11.0.2.
2016-06-30 PacketShaper S-Series 11.6 is not vulnerable.
2016-06-24 A fix for PS S-Series 11.5 is available in 11.5.3.2.  A fix for PC S-Series is available in 1.1.2.2.
2016-05-11 No Cloud Data Protection products are vulnerable.
2016-05-09 Fixes for Security Analytics 6.6 and 7.1 are available through patch RPMs from Blue Coat support.
2016-04-28 Initial public release.