SA120 : Truncated Diffie-Hellman Secret Generation in libssh2
- Status: Open
- Severity: Medium
- CVSS Base Score: CVSS v2: 4.3
Blue Coat products that include affected versions of libssh2 are susceptible to a truncated Diffie-Hellman secret length vulnerability. A remote man-in-the-middle (MITM) attacker can exploit this vulnerability to intercept SSH connections that originate from Blue Coat products. The MITM attacker can read and modify the data encrypted in the intercepted SSH connections.
|Advanced Secure Gateway (ASG)|
||6.7 and later||Not vulnerable, fixed in 18.104.22.168|
|6.6||Upgrade to 22.214.171.124.|
|Content Analysis System (CAS)|
|CVE-2016-0787||2.1 and later||Not vulnerable, fixed in 126.96.36.199|
|1.3||Upgrade to 188.8.131.52.|
|1.2||Upgrade to later releases with fixes.|
|CVE-2016-0787||6.1||Upgrade to 184.108.40.206.|
|Mail Threat Defense (MTD)|
|CVE-2016-0787||1.1||Not available at this time|
|CVE-2016-0787||10.1||Upgrade to 10.1.4.2.|
|9.4, 9.5||Not vulnerable|
|CVE-2016-0787||7.2 and later||Not vulnerable, fixed in 7.2.1|
|7.1||Apply RPM patch available from Blue Coat Support.|
|7.0||Upgrade to later release with fixes.|
|6.6||Apply RPM patch available from Blue Coat Support.|
|CVE-2016-0787||11.0||Upgrade to 11.0.2.|
|10.0||Upgrade to 10.0.6.|
The following products have a vulnerable version of libssh2, but are not vulnerable to known vectors of attack:
|Management Center (MC)|
||1.6 and later||Not vulnerable, fixed in 220.127.116.11|
|1.5||Upgrade to later release with fixes.|
|PacketShaper (PS) S-Series|
||11.6 and later||Not vulnerable|
|11.5||Upgrade to 18.104.22.168.|
|11.2, 11.3, 11.4||Upgrade to later release with fixes.|
|PolicyCenter (PC) S-Series|
|CVE-2016-0787||1.1||Upgrade to 22.214.171.124.|
Blue Coat products that include a vulnerable version of libssh2 and use it for SSH client connections are vulnerable.
A remote man-in-the-middle (MITM) attacker can exploit the truncated ephemeral DH secret to intercept, decrypt, and modify SSH client connections on Blue Coat products.
The products listed below have a vulnerable version of libssh2, but do not utilize it for SSH client connections and are thus not known to be vulnerable. However, libssh2 fixes will be included in the patches that are provided.
The following products are not vulnerable:
Android Mobile Agent
Blue Coat HSM Agent for the Luna SP
Cloud Data Protection for Salesforce
Cloud Data Protection for Salesforce Analytics
Cloud Data Protection for ServiceNow
Cloud Data Protection for Oracle CRM On Demand
Cloud Data Protection for Oracle Field Service Cloud
Cloud Data Protection for Oracle Sales Cloud
Cloud Data Protection Integration Server
Cloud Data Protection Communication Server
Cloud Data Protection Policy Builder
General Auth Connector Login Application
IntelligenceCenter Data Collector
Malware Analysis Appliance
Norman Shark Industrial Control System Protection
Norman Shark Network Protection
Norman Shark SCADA Protection
ProxyAV ConLog and ConLogXP
Blue Coat no longer provides vulnerability information for the following products:
Please contact Digital Guardian technical support regarding vulnerability information for DLP.
This Security Advisory addresses a truncated Diffie-Hellman (DH) secret generation flaw in the SSH client implementation of the libssh2 library (CVE-2016-0787).
The Diffie-Hellman key exchange module in libssh2 truncates the number of random bits generated for ephemeral DH secrets to 1/8th the intended number of random bits (128 bits instead of 1024 bits, or 256 bits instead of 2048 bits). As a result, the strength of the ephemeral DH secret is drastically reduced. The affected key exchange methods in libssh2 are:
|Severity / CVSSv2||Medium / 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)|
|References||SecurityFocus: BID 83389 / NVD: CVE-2016-0787|
|Impact||Information disclosure, unauthorized modification of data|
|Description||A remote man-in-the-middle (MITM) attacker can exploit the truncated ephemeral DH secret to intercept, decrypt, and modify SSH client connections on Blue Coat products.|
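The 1/8 ratio described above (128 bits instead of 1024, 256 instead of 2048) is what results when a length in bytes is passed where a length in bits is expected. The following is an added illustration of that unit mix-up and its correction, not libssh2 or Blue Coat code; `rand_bits`, `bit_length`, `secret_bits_truncated` and `secret_bits_full` are hypothetical names, and `/dev/urandom` is assumed to be available.

```c
#include <stdio.h>
#include <string.h>
#define MAX_BYTES 256 /* room for a 2048-bit value */

/* Hypothetical RNG helper: length argument is in BITS. Writes a big-endian
 * value of exactly nbits bits (top bit forced on) into out. */
static int rand_bits(unsigned char out[MAX_BYTES], size_t nbits)
{
    size_t nbytes = (nbits + 7) / 8;
    unsigned char *p;
    FILE *f;
    memset(out, 0, MAX_BYTES);
    if (nbits == 0 || nbytes > MAX_BYTES) return -1;
    p = out + (MAX_BYTES - nbytes);
    if (!(f = fopen("/dev/urandom", "rb"))) return -1;
    if (fread(p, 1, nbytes, f) != nbytes) { fclose(f); return -1; }
    fclose(f);
    p[0] &= (unsigned char)(0xFF >> (7 - (nbits - 1) % 8)); /* trim excess bits */
    p[0] |= (unsigned char)(1u << ((nbits - 1) % 8));       /* force top bit on */
    return 0;
}

/* Number of significant bits in a big-endian MAX_BYTES-wide value. */
static size_t bit_length(const unsigned char v[MAX_BYTES])
{
    size_t i = 0, bits;
    unsigned char m;
    while (i < MAX_BYTES && v[i] == 0) i++;
    if (i == MAX_BYTES) return 0;
    bits = (MAX_BYTES - i) * 8;
    for (m = 0x80; !(v[i] & m); m >>= 1) bits--;
    return bits;
}

/* Unit mix-up: the group size in BYTES is handed to a BITS parameter. */
static size_t secret_bits_truncated(size_t group_bytes)
{
    unsigned char x[MAX_BYTES];
    return rand_bits(x, group_bytes) == 0 ? bit_length(x) : 0;
}

/* Corrected call: convert bytes to bits before requesting randomness. */
static size_t secret_bits_full(size_t group_bytes)
{
    unsigned char x[MAX_BYTES];
    return rand_bits(x, group_bytes * 8) == 0 ? bit_length(x) : 0;
}

int main(void)
{
    printf("128-byte group: %zu bits (mixed up) vs %zu bits (corrected)\n",
           secret_bits_truncated(128), secret_bits_full(128));
}
```

A length assertion of this kind on the generated secret, run as a unit test against each supported group size, catches the truncation before release.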
libssh2 security advisory - https://www.libssh2.org/adv_20160223.html
2018-04-22 PacketShaper S-Series 11.10 is not vulnerable.
2017-11-06 ASG 6.7 is not vulnerable because a fix is available in 126.96.36.199.
2017-07-24 PacketShaper S-Series 11.9 is not vulnerable.
2017-07-20 MC 1.10 is not vulnerable.
2017-06-22 Security Analytics 7.3 is not vulnerable.
2017-06-05 PacketShaper S-Series 11.8 is not vulnerable.
2017-05-18 CAS 2.1 is not vulnerable.
2017-04-30 A fix for Director 6.1 is available in 188.8.131.52.
2017-03-30 MC 1.9 is not vulnerable.
2017-03-06 MC 1.8 is not vulnerable. Vulnerability inquiries for DLP should be addressed to Digital Guardian technical support.
2016-12-04 PacketShaper S-Series 11.7 is not vulnerable.
2016-11-17 Cloud Data Protection for Oracle Field Service Cloud is not vulnerable.
2016-10-26 A fix for ASG is available in 184.108.40.206. A fix for Reporter 10.1 is available in 10.1.4.2. A fix for MC 1.6 is available in 220.127.116.11. MC 1.7 is not vulnerable. A fix for MC 1.5 will not be provided.
2016-08-12 Security Analytics 7.2 is not vulnerable. A fix for CAS 1.3 is available in 18.104.22.168.
2016-07-16 A fix for XOS 10.0 is available in 10.0.6. A fix for XOS 11.0 is available in 11.0.2.
2016-06-30 PacketShaper S-Series 11.6 is not vulnerable.
2016-06-24 A fix for PS S-Series 11.5 is available in 22.214.171.124. A fix for PC S-Series is available in 126.96.36.199.
2016-05-11 No Cloud Data Protection products are vulnerable.
2016-05-09 Fixes for Security Analytics 6.6 and 7.1 are available through patch RPMs from Blue Coat support.
2016-04-28 initial public release