OpenSSL RSA key reconstruction vulnerability (CVE-2007-3108, VU#724968)
Date: September , 2007
Severity: Moderate
Description:
Some Blue Coat Systems products use OpenSSL implementations of the RSA algorithm that may contain a vulnerability that could allow a local attacker to retrieve encryption keys. OpenSSL is a widely used open source implementation of the SSL and TLS protocols. Any Proxy SG that contains an SSL accelerator hardware card is not vulnerable.
Affected Systems:
Proxy SG – Any Proxy SG that does not have a hardware SSL accelerator and is running a software version earlier than SG 5.2.1.3 or SG 4.2.5.1 is vulnerable.
Reporter – Projected to be fixed in Reporter 9.1, ETA January 2008.
Proxy AV – Fixed in ProxyAV 3.1.1.5
Director (510 platform) – Fixed in SGME 5.2.1
Director (800 platform) – Fixed in SGME 5.2.2.1
Director (legacy platform) – Fixed in SGME 4.2.2.3
SGClient – Projected to be fixed in a future patch release, ETA is TBD.
RA – Not affected.
Additional Information:
http://www.kb.cert.org/vuls/id/724968
For more information, please contact the Blue Coat Support Department.
www.bluecoat.com/support/contact.html
