Blue Coat Products OpenSSL DER Format Data Processing Vulnerabilities

Last Update Date: 10 Jan 2013 Release Date: 12 Dec 2012

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities have been identified in Blue Coat IntelligenceCenter and ProxySG, which can be exploited by malicious people to potentially compromise a vulnerable system.

The vulnerabilities exist in the bundled version of OpenSSL. The vulnerability is caused by a type casting error in the "asn1_d2i_read_bio()" function when processing DER format data, and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code, but may require the target to be running on a 64-bit system.
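
A generic illustration of this class of type casting error, added here as an example (it is not OpenSSL or Blue Coat code): a minimal DER length parser showing how a declared length loses its high bits when held in a 32-bit variable, next to the bounds check a parser should apply first. The function names and sample bytes are constructed for illustration, and a single-octet tag is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample headers (tag, then length octets), for illustration only. */
static const uint8_t SAMPLE_OK[]   = { 0x04, 0x03, 'a', 'b', 'c' };
/* Long-form length with 5 octets: declares 0x100000010 bytes of content. */
static const uint8_t SAMPLE_WIDE[] = { 0x04, 0x85, 0x01, 0x00, 0x00, 0x00, 0x10 };

/* Decode the length field at p. Returns 0 on success, -1 if malformed.
   Minimal-encoding checks that strict DER also requires are left out for brevity. */
static int der_read_length(const uint8_t *p, size_t avail, uint64_t *len, size_t *used)
{
    if (avail < 1) return -1;
    if (p[0] < 0x80) { *len = p[0]; *used = 1; return 0; }  /* short form */
    size_t n = p[0] & 0x7f;                                 /* long form: n octets follow */
    if (n == 0 || n > 8 || avail < 1 + n) return -1;        /* 0x80 (indefinite) is not DER */
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++) v = (v << 8) | p[1 + i];
    *len = v; *used = 1 + n;
    return 0;
}

/* Flawed pattern: a declared length kept in a 32-bit variable loses its high bits. */
uint32_t narrowed_length(uint64_t declared) { return (uint32_t)declared; }

/* Hardened check: returns 1 and sets *len_out only if the declared length fits a
   32-bit signed int and the content is really present in the buffer. */
int der_length_ok(const uint8_t *buf, size_t avail, uint64_t *len_out)
{
    uint64_t len; size_t used;
    if (avail < 2) return 0;                                /* need tag + length */
    if (der_read_length(buf + 1, avail - 1, &len, &used) != 0) return 0;
    if (len > (uint64_t)INT32_MAX) return 0;                /* would not survive narrowing */
    if (len > avail - 1 - used) return 0;                   /* longer than the input */
    *len_out = len;
    return 1;
}

int main(void)
{
    uint64_t len = 0, out = 0; size_t used = 0;
    der_read_length(SAMPLE_WIDE + 1, sizeof SAMPLE_WIDE - 1, &len, &used);
    int ok = der_length_ok(SAMPLE_WIDE, sizeof SAMPLE_WIDE, &out);
    printf("declared=%llu narrowed=%u accepted=%d\n",
           (unsigned long long)len, narrowed_length(len), ok);
    return 0;
}
```

A buffer sized from the narrowed value and then filled according to the full declared value is the mismatch that leads to a heap overflow, which is why the check runs before any allocation or copy.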


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Blue Coat IntelligenceCenter 3.x
  • Blue Coat ProxySG 5.x
  • Blue Coat ProxySG 6.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier


Source


Related Link