Vulnerability Note VU#754281

RSA BSAFE libraries denial of service vulnerability

Original Release date: 22 May 2007 | Last revised: 19 Dec 2007

Overview

The RSA BSAFE Crypto-C and Cert-C libraries contain a denial-of-service vulnerability.

Description

RSA BSAFE products include software libraries that developers can use to implement cryptography in their applications.

The RSA BSAFE Crypto-C and Cert-C libraries contain a denial-of-service vulnerability. Note that these libraries may be used in third-party applications that are not distributed by RSA.

Impact

A remote, unauthenticated attacker may be able to create a denial-of-service condition.

Solution

Update
RSA has released Crypto-C 6.3.1 and Cert-C 2.8 to address this issue. For more information about obtaining updated software, contact RSA and reference Bug ID 46337.

Systems Affected

Vendor                                         Status        Date Notified  Date Updated
Cisco Systems, Inc.                            Affected      30 Nov 2006    22 May 2007
EMC, Inc. (formerly Data General Corporation)  Affected      07 Dec 2006    22 May 2007
Novell, Inc.                                   Affected      07 Dec 2006    22 May 2007
RSA Security, Inc.                             Affected      01 Dec 2006    22 May 2007
Foundry Networks, Inc.                         Not Affected  07 Dec 2006    19 Dec 2007
Hitachi                                        Not Affected  07 Dec 2006    24 May 2007
McAfee                                         Not Affected  21 May 2007    23 May 2007
Microsoft Corporation                          Not Affected  07 Dec 2006    22 May 2007
Nortel Networks, Inc.                          Not Affected  07 Dec 2006    23 May 2007
TippingPoint, Technologies, Inc.               Not Affected  21 May 2007    22 May 2007
3com, Inc.                                     Unknown       07 Dec 2006    07 Dec 2006
Alcatel                                        Unknown       07 Dec 2006    07 Dec 2006
Apple Computer, Inc.                           Unknown       07 Dec 2006    07 Dec 2006
AT&T                                           Unknown       07 Dec 2006    07 Dec 2006
Avaya, Inc.                                    Unknown       07 Dec 2006    07 Dec 2006

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

Credit

Thanks to Cisco Systems for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

  • CVE IDs: CVE-2006-3894
  • Date Public: 22 May 2007
  • Date First Published: 22 May 2007
  • Date Last Updated: 19 Dec 2007
  • Severity Metric: 0.13
  • Document Revision: 17

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.