ProxySG 6.5 and 6.6 are vulnerable to CVE-2017-3731

ProxySG 6.5 and 6.6 are vulnerable to CVE-2017-3731
0

ProxySG 6.5 prior to 6.5.10.4, 6.6 prior to 6.6.5.8, and 6.7 prior to 6.7.1.2 are vulnerable to CVE-2017-3731. All SSL interfaces are affected.


The CVE-2017-3731 vulnerability has been fixed for the following versions:


ProxySG 6.7 - a fix is available in 6.7.1.2.
ProxySG 6.6 - a fix is available in 6.6.5.8.
ProxySG 6.5 - a fix is available in 6.5.10.4.

Thank you for the info!

This is a great share David. Any information on how to check for the vulnerability versus just looking at the version? For example CLI command or API call? It would be a nice value-add to our suite of in-development proxysg Knowledge bits.


OpenSSL Security Advisory [26 Jan 2017]

Truncated packet could crash via OOB read (CVE-2017-3731)

Severity: Moderate

If an SSL/TLS server or client is running on a 32-bit host, and a specific
cipher is being used, then a truncated packet can cause that server or client
to perform an out-of-bounds read, usually resulting in a crash.

For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305;
users should upgrade to 1.1.0d

For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have
not disabled that algorithm should update to 1.0.2k