ID CVE-2006-3894
Summary The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allow remote attackers to cause a denial of service via malformed ASN.1 objects.
References
Vulnerable Configurations
  • RSA BSAFE Cert-C 2.7
    cpe:2.3:a:rsa:bsafe_cert-c:2.7
  • RSA BSAFE Crypto-C 6.3
    cpe:2.3:a:rsa:bsafe_crypto-c:6.3
CVSS
Base: 5.0 (as of 23-05-2007 - 07:52)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
nessus via4
NASL family CISCO
NASL id CISCO-SA-20070522-CRYPTO.NASL
description A vulnerability has been discovered in a third-party cryptographic library that is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password). Successful, repeated exploitation of any of these vulnerabilities may lead to a sustained denial of service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information. Cisco has made free software available to address this vulnerability for affected customers. There are no workarounds available to mitigate the effects of the vulnerability.
last seen 2019-02-21
modified 2018-11-15
plugin id 49004
published 2010-09-01
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=49004
title Vulnerability In Crypto Library - Cisco Systems
oval via4
accepted 2009-12-21T04:00:39.821-05:00
class vulnerability
contributors
  • name Yuzheng Zhou
    organization Hewlett-Packard
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Thomas R. Jones
    organization Maitreya Security
description The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allow remote attackers to cause a denial of service via malformed ASN.1 objects.
family ios
id oval:org.mitre.oval:def:5778
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title RSA BSAFE Crypto-C and Cert-C Libraries ASN.1 Object Parsing DoS Vulnerability
version 4
refmap via4
bid 24104
cert-vn VU#754281
cisco 20070522 Vulnerability In Crypto Library
confirm
osvdb 35338
sectrack 1018095
secunia
  • 25343
  • 25364
  • 25399
vupen
  • ADV-2007-1908
  • ADV-2007-1909
  • ADV-2007-1945
xf multiple-crypto-asn1-dos(34430)
Last major update 05-11-2012 - 22:16
Published 22-05-2007 - 15:30
Last modified 10-10-2017 - 21:31