Overview
The RSA BSAFE Crypto-C and Cert-C libraries contain a denial-of-service vulnerability.
Description
RSA BSAFE products include software libraries that developers can use to implement cryptography in their applications. The RSA BSAFE Crypto-C and Cert-C libraries contain a denial-of-service vulnerability. Note that these libraries may be used in third-party applications that are not distributed by RSA. |
Impact
A remote, unauthenticated attacker may be able to create a denial-of-service condition. |
Solution
Update |
Vendor Information
Cisco Systems, Inc. Affected
Notified: November 30, 2006 Updated: May 22, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
See http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
EMC, Inc. (formerly Data General Corporation) Affected
Notified: December 07, 2006 Updated: May 22, 2007
Status
Affected
Vendor Statement
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Novell, Inc. Affected
Notified: December 07, 2006 Updated: May 22, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
See http://download.novell.com/Download?buildid=ttXNAk5nEeg~ for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
RSA Security, Inc. Affected
Notified: December 01, 2006 Updated: May 22, 2007
Status
Affected
Vendor Statement
RSA has released Crypto-C 6.3.1 and Cert-C 2.8 to address this issue. For more information about obtaining updated software, registered customers can contact RSA Customer Support
http://www.rsa.com/node.aspx?id=1067.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Foundry Networks, Inc. Not Affected
Notified: December 07, 2006 Updated: December 19, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Hitachi Not Affected
Notified: December 07, 2006 Updated: May 24, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
McAfee Not Affected
Notified: May 21, 2007 Updated: May 23, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Microsoft Corporation Not Affected
Notified: December 07, 2006 Updated: May 22, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Nortel Networks, Inc. Not Affected
Notified: December 07, 2006 Updated: May 23, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
See www.nortel.com/securityadvisories for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
TippingPoint, Technologies, Inc. Not Affected
Notified: May 21, 2007 Updated: May 22, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
3com, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
AT&T Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Alcatel Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Apple Computer, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Avaya, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Avici Systems, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Borderware Technologies Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Bro Unknown
Notified: May 21, 2007 Updated: May 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Charlotte's Web Networks Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Check Point Software Technologies Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Chiaro Networks, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Clavister Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Computer Associates Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Computer Associates eTrust Security Management Unknown
Notified: May 21, 2007 Updated: May 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Conectiva Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Cray Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
D-Link Systems, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Data Connection, Ltd. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Debian GNU/Linux Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Engarde Secure Linux Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Enterasys Networks Unknown
Notified: May 21, 2007 Updated: May 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Ericsson Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Extreme Networks Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
F5 Networks, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Fedora Project Unknown
Notified: February 26, 2007 Updated: February 26, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Force10 Networks, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Fortinet, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
FreeBSD, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Fujitsu Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Gentoo Linux Unknown
Notified: February 26, 2007 Updated: February 26, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Global Technology Associates Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Hewlett-Packard Company Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Hyperchip Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IBM Corporation Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IBM Corporation (zseries) Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IBM eServer Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IP Filter Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Immunix Communications, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Ingrian Networks, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Intel Corporation Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Internet Security Systems, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Intoto Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Juniper Networks, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Linksys (A division of Cisco Systems) Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Lucent Technologies Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Luminous Networks Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Mandriva, Inc. Unknown
Notified: February 26, 2007 Updated: February 26, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
MontaVista Software, Inc. Unknown
Notified: February 26, 2007 Updated: February 26, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Multinet (owned Process Software Corporation) Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Multitech, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
NEC Corporation Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
NetBSD Unknown
Notified: February 26, 2007 Updated: February 26, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Network Appliance, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
NextHop Technologies, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Nokia Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
OpenBSD Unknown
Notified: February 26, 2007 Updated: February 26, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Openwall GNU/*/Linux Unknown
Notified: February 26, 2007 Updated: February 26, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
QNX, Software Systems, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Red Hat, Inc. Unknown
Notified: February 26, 2007 Updated: February 26, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Redback Networks, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Riverstone Networks, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
SUSE Linux Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Secure Computing Network Security Division Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Secureworx, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Silicon Graphics, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Slackware Linux Inc. Unknown
Notified: February 26, 2007 Updated: February 26, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Snort Unknown
Notified: May 21, 2007 Updated: May 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Sony Corporation Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Sourcefire Unknown
Notified: May 21, 2007 Updated: May 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Stonesoft Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Sun Microsystems, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Symantec, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
The SCO Group Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Trustix Secure Linux Unknown
Notified: February 26, 2007 Updated: February 26, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Turbolinux Unknown
Notified: February 26, 2007 Updated: February 26, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Ubuntu Unknown
Notified: February 26, 2007 Updated: February 26, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Unisys Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Verisign Unknown
Notified: February 27, 2007 Updated: February 27, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Watchguard Technologies, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Wind River Systems, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
ZyXEL Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
eSoft, Inc. Unknown
Notified: December 07, 2006 Updated: December 07, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
netfilter Unknown
Notified: February 26, 2007 Updated: February 26, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:-- |
| Temporal | 0 | E:ND/RL:ND/RC:ND |
| Environmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
Acknowledgements
Thanks to Cisco Systems for reporting this vulnerability.
This document was written by Ryan Giobbi.
Other Information
| CVE IDs: | CVE-2006-3894 |
| Severity Metric: | 0.13 |
| Date Public: | 2007-05-22 |
| Date First Published: | 2007-05-22 |
| Date Last Updated: | 2007-12-19 15:56 UTC |
| Document Revision: | 18 |