RSA BSAFE Library Remote ASN.1 Denial of Service Vulnerability
BID:24104
Info
| Bugtraq ID: | 24104 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2006-3894 |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 22 2007 12:00AM |
| Updated: | Jun 29 2007 06:58PM |
| Credit: | The original discoverer of this issue is unknown. It was disclosed in the referenced US-CERT advisory. |
| Vulnerable: |
Rsa BSAFE Crypto-C 0
Rsa BSAFE Cert-C 0
Novell International Cryptographic Infrastructure (NICI) 2.6.1
Cisco Unified Communications Manager 5.1(1)
Cisco Unified CallManager 5.0(4a)SU1, 5.0(4), 5.0(3a), 5.0(3), 5.0(2), 5.0(1), 5.0, 4.2(3)SR1, 4.2, 4.1(3)SR4, 4.1, 4.0
Cisco PIX/ASA 7.2(1), 7.1(2), 7.0.4.3, 7.0.4, 7.0.1.4, 7.0(5.2), 7.0(5), 7.0
Cisco IOS XR
Cisco IOS 12.4XP, 12.4XJ, 12.4XE, 12.4XD, 12.4XC, 12.4XB, 12.4XA, 12.4T, 12.4SW, 12.4
Cisco IOS 12.3YZ, 12.3YX, 12.3YU, 12.3YT, 12.3YS, 12.3YQ, 12.3YK, 12.3YI, 12.3YH, 12.3YG, 12.3YF, 12.3YD, 12.3YA, 12.3XX, 12.3XW, 12.3XU, 12.3XS, 12.3XR, 12.3XQ, 12.3XK, 12.3XJ, 12.3XI, 12.3XH, 12.3XG, 12.3XF, 12.3XE, 12.3XD, 12.3XC, 12.3XB, 12.3XA, 12.3TPC, 12.3T, 12.3JX, 12.3JL, 12.3JK, 12.3JEA, 12.3JA, 12.3BC, 12.3B, 12.3
Cisco IOS 12.2ZU, 12.2ZL, 12.2ZJ, 12.2ZH, 12.2ZG, 12.2ZF, 12.2ZE, 12.2ZD, 12.2YV, 12.2YU, 12.2XR, 12.2T, 12.2SXF, 12.2SXE, 12.2SXD, 12.2SRB, 12.2SRA, 12.2SGA, 12.2SG, 12.2SEG, 12.2SEF, 12.2SEE, 12.2SED, 12.2SEC, 12.2SEB, 12.2SEA, 12.2SE, 12.2SB, 12.2JK, 12.2JA, 12.2IXC, 12.2IXB, 12.2IXA, 12.2FZ, 12.2FY, 12.2FX, 12.2EZ, 12.2EY, 12.2EX, 12.2EWA, 12.2EW, 12.2CZ, 12.2CX, 12.2BZ, 12.2BC, 12.2B, 12.2ZW
Cisco Firewall Services Module (FWSM) 3.1(4), 3.1(3.24), 3.1(3.18), 3.1(3.11), 3.1(3.3), 3.1(3.2), 3.1(3.1), 3.1(1.9), 3.1(1.7), 3.1, 2.3(4.12), 2.3(4.7), 2.3(4), 2.3 |
| Not Vulnerable: |
Rsa BSAFE Crypto-C 6.3.1
Rsa BSAFE Cert-C 2.8
Novell International Cryptographic Infrastructure (NICI) 2.7.2
Cisco Unified Communications Manager 5.1(2), 4.3(1)SR1, 4.2(3)SR2
Cisco Unified CallManager 4.1(3)SR5
Cisco PIX/ASA 8.0, 7.2(2), 7.2(1.22), 7.1(2.27), 7.0(6.7), 6.0
Cisco IOS XR 3.4.1, 3.4, 3.3.3, 3.3.2, 3.3.1, 3.3, 3.2.6, 3.2.4, 3.2.3
Cisco IOS 12.4(11)XJ2, 12.4(11)T1, 12.4(11)SW1, 12.4(10), 12.4(9)T3, 12.4(7d), 12.4(6)T7, 12.4(4)XD6, 12.4(4)XC6
Cisco IOS 12.3(22), 12.3(17b)BC6, 12.3(14)YX7, 12.3(2)JL1
Cisco IOS 12.2(37)SG, 12.2(35)SE2, 12.2(33)SRB, 12.2(33)SRA2, 12.2(31)SGA1, 12.2(31)SB3, 12.2(25)SEE3, 12.2(25)EWA9, 12.2(18)SXF8
Cisco Firewall Services Module (FWSM) 3.1(6), 2.3(5) |
Discussion
The RSA BSAFE library is prone to a denial-of-service vulnerability because it fails to properly handle malformed ASN.1 data.
Exploiting this vulnerability lets an attacker crash any application that hands attacker-controlled ASN.1 data (for example certificates or other DER-encoded structures) to the affected library. The precise impact depends on the application in which the library is embedded: both local and remote attacks may be possible, and where the application parses ASN.1 before authenticating its peer, no authentication is required.
These versions are vulnerable:
RSA BSAFE Crypto-C prior to 6.3.1
RSA BSAFE Cert-C prior to 2.8
The vendor tracks this issue by RSA Bug ID 46337.
Cisco tracks this issue as Bug IDs:
Cisco IOS: CSCsd85587
Cisco IOS XR: CSCsg41084
Cisco PIX and ASA Security Appliances: CSCse91999
Cisco Firewall Services Module (FWSM): CSCsi97695
Cisco Unified CallManager: CSCsg44348
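The advisory does not say which malformed ASN.1 construct triggers the crash, only that the library "fails to properly handle malformed ASN.1 data". The following is an added example, not code from RSA, Cisco or any of the affected products, showing the class of check a DER tag-length-value reader needs so that a hostile length field cannot drive it past the end of its input. It handles the failure modes a fuzzer typically finds in ASN.1 decoders: a content length larger than the remaining buffer, a truncated length field, the BER indefinite-length form, non-minimal length encodings, and a length field too wide to represent. The sample inputs are constructed for the example and are not captured traffic; the status names and function names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Outcome of parsing one DER tag-length-value (TLV) header. */
enum der_status {
    DER_OK = 0,
    DER_TRUNCATED,   /* buffer ends inside the tag or length octets */
    DER_BAD_LENGTH,  /* length claims more content than the buffer holds, or is unrepresentable */
    DER_INDEFINITE,  /* BER indefinite-length form (0x80), which DER forbids */
    DER_NONMINIMAL,  /* long form where short form was required, or a leading 0x00 length octet */
    DER_BAD_TAG      /* multi-octet (high-tag-number) tag; not supported by this example */
};

struct der_tlv {
    uint8_t        tag;      /* single tag octet */
    size_t         hdr_len;  /* octets consumed by tag + length */
    size_t         len;      /* declared content length, verified to fit in the input */
    const uint8_t *value;    /* start of content, guaranteed to lie within the input */
};

/* Parse one TLV header from buf[0 .. buflen). Every length octet and the declared
 * content length are checked against the remaining input before any read. */
enum der_status der_read_tlv(const uint8_t *buf, size_t buflen, struct der_tlv *out)
{
    size_t pos = 0, len, nbytes;

    if (buflen < 2) return DER_TRUNCATED;            /* need tag + at least one length octet */
    out->tag = buf[pos++];
    if ((out->tag & 0x1f) == 0x1f) return DER_BAD_TAG;

    uint8_t first = buf[pos++];
    if (first < 0x80) {
        len = first;                                  /* short form: 0..127 */
    } else if (first == 0x80) {
        return DER_INDEFINITE;
    } else {
        nbytes = first & 0x7f;                        /* long form: count of length octets */
        if (nbytes > sizeof(size_t)) return DER_BAD_LENGTH;  /* unrepresentable; reject before shifting */
        if (nbytes > buflen - pos)   return DER_TRUNCATED;   /* the length octets themselves are missing */
        if (buf[pos] == 0x00)        return DER_NONMINIMAL;  /* DER forbids leading zero length octets */
        len = 0;
        for (size_t i = 0; i < nbytes; i++) len = (len << 8) | buf[pos++];
        if (len < 0x80) return DER_NONMINIMAL;        /* DER requires the short form for 0..127 */
    }
    if (len > buflen - pos) return DER_BAD_LENGTH;    /* the check that keeps every later read in bounds */

    out->hdr_len = pos;
    out->len     = len;
    out->value   = buf + pos;
    return DER_OK;
}

/* Convenience wrapper: status of the outermost TLV header only. */
enum der_status der_status_of(const uint8_t *buf, size_t buflen)
{
    struct der_tlv t;
    return der_read_tlv(buf, buflen, &t);
}

/* Count the immediate children of a constructed TLV such as a SEQUENCE.
 * Returns the child count, or -1 if any header is malformed. */
int der_count_children(const uint8_t *buf, size_t buflen)
{
    struct der_tlv outer, child;
    size_t pos = 0;
    int n = 0;

    if (der_read_tlv(buf, buflen, &outer) != DER_OK) return -1;
    if (!(outer.tag & 0x20)) return -1;               /* constructed bit clear: no children */
    while (pos < outer.len) {
        /* Each child is parsed against the remaining outer content, not the whole buffer. */
        if (der_read_tlv(outer.value + pos, outer.len - pos, &child) != DER_OK) return -1;
        pos += child.hdr_len + child.len;             /* both bounded by outer.len - pos, so no overflow */
        n++;
    }
    return n;
}

/* Constructed sample inputs (not captured traffic): a well-formed
 * SEQUENCE { INTEGER 5, OCTET STRING "ab" } and five malformed variants. */
const uint8_t SAMPLE_OK[]         = {0x30,0x07, 0x02,0x01,0x05, 0x04,0x02,0x61,0x62};
const uint8_t SAMPLE_OVERSIZED[]  = {0x30,0x05, 0x02,0x01,0x05, 0x04,0x7f};          /* inner length 127, 0 bytes left */
const uint8_t SAMPLE_TRUNCATED[]  = {0x30,0x07, 0x02,0x01};                            /* outer claims 7, holds 2 */
const uint8_t SAMPLE_INDEFINITE[] = {0x30,0x80, 0x02,0x01,0x05, 0x00,0x00};            /* BER indefinite form */
const uint8_t SAMPLE_NONMINIMAL[] = {0x30,0x81,0x05, 0x02,0x01,0x05, 0x04,0x00};       /* long form for length 5 */
const uint8_t SAMPLE_HUGE_LEN[]   = {0x30,0x89, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09}; /* 9 length octets */

int main(void)
{
    printf("ok:         %d children\n", der_count_children(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("oversized:  %d\n", der_count_children(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED));
    printf("truncated:  %d\n", der_count_children(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED));
    printf("indefinite: %d\n", der_count_children(SAMPLE_INDEFINITE, sizeof SAMPLE_INDEFINITE));
    printf("nonminimal: %d\n", der_count_children(SAMPLE_NONMINIMAL, sizeof SAMPLE_NONMINIMAL));
    printf("huge len:   %d\n", der_status_of(SAMPLE_HUGE_LEN, sizeof SAMPLE_HUGE_LEN));
    return 0;
}
```

The point of the example is the order of the checks: the width of the length field is bounded before any shift, the length octets are confirmed present before they are read, and the declared content length is compared with what remains before `value` is ever handed to a consumer. A decoder that skips any one of these steps will read past its buffer on the corresponding malformed input, which is the kind of failure the advisory describes at the level of a crash. When triaging a product that embeds a third-party ASN.1 decoder, feeding it each of these sample shapes (through whatever certificate or protocol field reaches the decoder) is a quick way to confirm whether a patched build is actually in place.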
Exploit / POC
No dedicated exploit is required: an attacker can trigger this issue with readily available network utilities for crafting and injecting packets that carry malformed ASN.1 data to a vulnerable application.
Solution / Fix
Solution:
The vendor has released Crypto-C 6.3.1 and Cert-C 2.8 to address this issue. Users of affected libraries should contact the vendor and reference RSA Bug ID 46337 for details. Products that embed the library (the Cisco, Novell and Nortel products listed above) must be updated through their own vendors' fixed releases; the Cisco bug IDs listed in the discussion identify the relevant fixes.
Please see the references for more information.
References
References:
- RSA BSAFE Product Page (RSA)
- RSA Homepage (RSA Security)
- Cisco Security Advisory: Cisco Cloud Services Router 1000V Command Injection Vul (Cisco)
- Cisco Security Advisory: Vulnerability In Crypto Library (Cisco)
- Nortel response to CERT VU#75428 - RSA BSAFE libraries denial of service vulnera (Nortel)
- Security Vulnerability: RSA BSAFE Libraries denial of service (Novell)
- Vulnerability Note VU#754281 (US-CERT)