Vulnerability Note VU#754281
RSA BSAFE libraries denial of service vulnerability
Overview
The RSA BSAFE Crypto-C and Cert-C libraries contain a denial-of-service vulnerability.
Description
RSA BSAFE products include software libraries that developers can use to implement cryptography in their applications. The RSA BSAFE Crypto-C and Cert-C libraries contain a denial-of-service vulnerability. Note that these libraries may be used in third-party applications that are not distributed by RSA. |
Impact
A remote, unauthenticated attacker may be able to create a denial-of-service condition. |
Solution
Update |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Cisco Systems, Inc. | Affected | 30 Nov 2006 | 22 May 2007 |
| EMC, Inc. (formerly Data General Corporation) | Affected | 07 Dec 2006 | 22 May 2007 |
| Novell, Inc. | Affected | 07 Dec 2006 | 22 May 2007 |
| RSA Security, Inc. | Affected | 01 Dec 2006 | 22 May 2007 |
| Foundry Networks, Inc. | Not Affected | 07 Dec 2006 | 19 Dec 2007 |
| Hitachi | Not Affected | 07 Dec 2006 | 24 May 2007 |
| McAfee | Not Affected | 21 May 2007 | 23 May 2007 |
| Microsoft Corporation | Not Affected | 07 Dec 2006 | 22 May 2007 |
| Nortel Networks, Inc. | Not Affected | 07 Dec 2006 | 23 May 2007 |
| TippingPoint, Technologies, Inc. | Not Affected | 21 May 2007 | 22 May 2007 |
| 3com, Inc. | Unknown | 07 Dec 2006 | 07 Dec 2006 |
| Alcatel | Unknown | 07 Dec 2006 | 07 Dec 2006 |
| Apple Computer, Inc. | Unknown | 07 Dec 2006 | 07 Dec 2006 |
| AT&T | Unknown | 07 Dec 2006 | 07 Dec 2006 |
| Avaya, Inc. | Unknown | 07 Dec 2006 | 07 Dec 2006 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
Credit
Thanks to Cisco Systems for reporting this vulnerability.
This document was written by Ryan Giobbi.
Other Information
- CVE IDs: CVE-2006-3894
- Date Public: 22 May 2007
- Date First Published: 22 May 2007
- Date Last Updated: 19 Dec 2007
- Severity Metric: 0.13
- Document Revision: 17
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.