|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
|
Vulnerability Note VU#754281
RSA BSAFE libraries denial of service vulnerability
OverviewThe RSA BSAFE Crypto-C and Cert-C libraries contain a denial-of-service vulnerability.
I. DescriptionRSA BSAFE products include software libraries that developers can use to implement cryptography in their applications.
The RSA BSAFE Crypto-C and Cert-C libraries contain a denial-of-service vulnerability. Note that these libraries may be used in third-party applications that are not distributed by RSA.
II. ImpactA remote, unauthenticated attacker may be able to create a denial-of-service condition.
III. SolutionUpdate
RSA has released Crypto-C 6.3.1 and Cert-C 2.8 to address this issue. For more information about obtaining updated software, contact RSA and reference Bug ID 46337.
Systems Affected
| Vendor | Status | Date Updated |
|---|
| 3com, Inc. | Unknown | 7-Dec-2006 |
| Alcatel | Unknown | 7-Dec-2006 |
| Apple Computer, Inc. | Unknown | 7-Dec-2006 |
| AT&T | Unknown | 7-Dec-2006 |
| Avaya, Inc. | Unknown | 7-Dec-2006 |
| Avici Systems, Inc. | Unknown | 7-Dec-2006 |
| Borderware Technologies | Unknown | 7-Dec-2006 |
| Bro | Unknown | 21-May-2007 |
| Charlotte's Web Networks | Unknown | 7-Dec-2006 |
| Check Point Software Technologies | Unknown | 7-Dec-2006 |
| Chiaro Networks, Inc. | Unknown | 7-Dec-2006 |
| Cisco Systems, Inc. | Vulnerable | 22-May-2007 |
| Clavister | Unknown | 7-Dec-2006 |
| Computer Associates | Unknown | 7-Dec-2006 |
| Computer Associates eTrust Security Management | Unknown | 21-May-2007 |
| Conectiva Inc. | Unknown | 7-Dec-2006 |
| Cray Inc. | Unknown | 7-Dec-2006 |
| D-Link Systems, Inc. | Unknown | 7-Dec-2006 |
| Data Connection, Ltd. | Unknown | 7-Dec-2006 |
| Debian GNU/Linux | Unknown | 7-Dec-2006 |
| EMC, Inc. (formerly Data General Corporation) | Vulnerable | 22-May-2007 |
| Engarde Secure Linux | Unknown | 7-Dec-2006 |
| Enterasys Networks | Unknown | 21-May-2007 |
| Ericsson | Unknown | 7-Dec-2006 |
| eSoft, Inc. | Unknown | 7-Dec-2006 |
| Extreme Networks | Unknown | 7-Dec-2006 |
| F5 Networks, Inc. | Unknown | 7-Dec-2006 |
| Fedora Project | Unknown | 26-Feb-2007 |
| Force10 Networks, Inc. | Unknown | 7-Dec-2006 |
| Fortinet, Inc. | Unknown | 7-Dec-2006 |
| Foundry Networks, Inc. | Not Vulnerable | 19-Dec-2007 |
| FreeBSD, Inc. | Unknown | 7-Dec-2006 |
| Fujitsu | Unknown | 7-Dec-2006 |
| Gentoo Linux | Unknown | 26-Feb-2007 |
| Global Technology Associates | Unknown | 7-Dec-2006 |
| Hewlett-Packard Company | Unknown | 7-Dec-2006 |
| Hitachi | Not Vulnerable | 24-May-2007 |
| Hyperchip | Unknown | 7-Dec-2006 |
| IBM Corporation | Unknown | 7-Dec-2006 |
| IBM Corporation (zseries) | Unknown | 7-Dec-2006 |
| IBM eServer | Unknown | 7-Dec-2006 |
| Immunix Communications, Inc. | Unknown | 7-Dec-2006 |
| Ingrian Networks, Inc. | Unknown | 7-Dec-2006 |
| Intel Corporation | Unknown | 7-Dec-2006 |
| Internet Security Systems, Inc. | Unknown | 7-Dec-2006 |
| Intoto | Unknown | 7-Dec-2006 |
| IP Filter | Unknown | 7-Dec-2006 |
| Juniper Networks, Inc. | Unknown | 7-Dec-2006 |
| Linksys (A division of Cisco Systems) | Unknown | 7-Dec-2006 |
| Lucent Technologies | Unknown | 7-Dec-2006 |
| Luminous Networks | Unknown | 7-Dec-2006 |
| Mandriva, Inc. | Unknown | 26-Feb-2007 |
| McAfee | Not Vulnerable | 23-May-2007 |
| Microsoft Corporation | Not Vulnerable | 22-May-2007 |
| MontaVista Software, Inc. | Unknown | 26-Feb-2007 |
| Multinet (owned Process Software Corporation) | Unknown | 7-Dec-2006 |
| Multitech, Inc. | Unknown | 7-Dec-2006 |
| NEC Corporation | Unknown | 7-Dec-2006 |
| NetBSD | Unknown | 26-Feb-2007 |
| netfilter | Unknown | 26-Feb-2007 |
| Network Appliance, Inc. | Unknown | 7-Dec-2006 |
| NextHop Technologies, Inc. | Unknown | 7-Dec-2006 |
| Nokia | Unknown | 7-Dec-2006 |
| Nortel Networks, Inc. | Not Vulnerable | 23-May-2007 |
| Novell, Inc. | Vulnerable | 22-May-2007 |
| OpenBSD | Unknown | 26-Feb-2007 |
| Openwall GNU/*/Linux | Unknown | 26-Feb-2007 |
| QNX, Software Systems, Inc. | Unknown | 7-Dec-2006 |
| Red Hat, Inc. | Unknown | 26-Feb-2007 |
| Redback Networks, Inc. | Unknown | 7-Dec-2006 |
| Riverstone Networks, Inc. | Unknown | 7-Dec-2006 |
| RSA Security, Inc. | Vulnerable | 22-May-2007 |
| Secure Computing Network Security Division | Unknown | 7-Dec-2006 |
| Secureworx, Inc. | Unknown | 7-Dec-2006 |
| Silicon Graphics, Inc. | Unknown | 7-Dec-2006 |
| Slackware Linux Inc. | Unknown | 26-Feb-2007 |
| Snort | Unknown | 21-May-2007 |
| Sony Corporation | Unknown | 7-Dec-2006 |
| Sourcefire | Unknown | 21-May-2007 |
| Stonesoft | Unknown | 7-Dec-2006 |
| Sun Microsystems, Inc. | Unknown | 7-Dec-2006 |
| SUSE Linux | Unknown | 7-Dec-2006 |
| Symantec, Inc. | Unknown | 7-Dec-2006 |
| The SCO Group | Unknown | 7-Dec-2006 |
| TippingPoint, Technologies, Inc. | Not Vulnerable | 22-May-2007 |
| Trustix Secure Linux | Unknown | 26-Feb-2007 |
| Turbolinux | Unknown | 26-Feb-2007 |
| Ubuntu | Unknown | 26-Feb-2007 |
| Unisys | Unknown | 7-Dec-2006 |
| Verisign | Unknown | 27-Feb-2007 |
| Watchguard Technologies, Inc. | Unknown | 7-Dec-2006 |
| Wind River Systems, Inc. | Unknown | 7-Dec-2006 |
| ZyXEL | Unknown | 7-Dec-2006 |
References
http://www.rsa.com/node.aspx?id=1204
http://secunia.com/advisories/25364/
Credit
Thanks to Cisco Systems for reporting this vulnerability.
This document was written by Ryan Giobbi.
Other Information
| Date Public | 05/22/2007 |
| Date First Published | 05/22/2007 08:56:53 AM |
| Date Last Updated | 12/19/2007 |
| CERT Advisory | |
| CVE Name | CVE-2006-3894 |
| US-CERT Technical Alerts | |
| Metric | 0.13 |
| Document Revision | 17 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
|
Get Adobe Reader