Details of VAR-E-200705-0522

ID

VAR-E-200705-0522

CVE

cve_id:

CVE-2006-3894

Trust: 0.3

sources: BID: 24104

TITLE

RSA BSAFE Library Remote ASN.1 Denial of Service Vulnerability

Trust: 0.3

sources: BID: 24104

DESCRIPTION

The RSA BSAFE library is prone to a denial-of-service vulnerability because it fails to properly handle malformed ASN.1 data.
Exploiting this vulnerability allows attackers to crash applications that use the affected library. The specific impact of this vulnerability depends on the nature of the applications. Local and remote attacks may be possible. Depending on the nature of vulnerable applications, attackers may be able to exploit this issue without authentication.
These versions are vulnerable:
RSA BSAFE Crypto-C prior to 6.3.1
Cert-C prior to 2.8
The vendor tracks this issue by RSA Bug ID 46337.
Cisco tracks this issue as Bug IDs:
Cisco IOS: CSCsd85587
Cisco IOS XR: CSCsg41084
Cisco PIX and ASA Security Appliances: CSCse91999
Cisco Firewall Services Module (FWSM): CSCsi97695
Cisco Unified CallManager: CSCsg44348

Trust: 0.3

sources: BID: 24104

AFFECTED PRODUCTS

vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0	Trust: 0.9
vendor:	cisco	model:	firewall services module	scope:	eq	version:	2.3(4.12)	Trust: 0.6
vendor:	rsa	model:	bsafe crypto-c	scope:	eq	version:	0	Trust: 0.3
vendor:	rsa	model:	bsafe cert-c	scope:	eq	version:	0	Trust: 0.3
vendor:	novell	model:	international cryptographic infostructure	scope:	eq	version:	2.6.1	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1(1)	Trust: 0.3
vendor:	cisco	model:	unified callmanager 5.0 su1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0(4)	Trust: 0.3
vendor:	cisco	model:	unified callmanager 5.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0(3)	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0(2)	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0(1)	Trust: 0.3
vendor:	cisco	model:	unified callmanager 4.2 sr1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	4.2	Trust: 0.3
vendor:	cisco	model:	unified callmanager 4.1 sr4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.0.4.3	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.0.1.4	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.0	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.2(1)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.1(2)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.0(5.2)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.0(5)	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xp	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xj	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xe	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4sw	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.4	Trust: 0.3
vendor:	cisco	model:	ios 12.3yz	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yx	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yu	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yt	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3ys	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yq	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yi	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yh	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3ya	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.3xx	Trust: 0.3
vendor:	cisco	model:	ios 12.3xw	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xu	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xs	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xq	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xj	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xi	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xh	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xe	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3tpc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3jx	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3jl	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3jk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3jea	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3ja	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3bc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3b	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.3	Trust: 0.3
vendor:	cisco	model:	ios 12.2zu	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2zl	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2zj	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2zh	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2zg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2zf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ze	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2zd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2yv	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2yu	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sxf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sxe	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sxd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2srb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sra	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sga	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2seg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sef	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2see	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sed	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sec	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2seb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sea	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2se	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2jk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ja	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ixc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ixb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ixa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2fz	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2fy	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2fx	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ez	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ey	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ex	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ewa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ew	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2cz	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2cx	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2bz	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2bc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2b	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios zw	scope:	eq	version:	12.2	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(4)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(3.24)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(1.9)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(1.7)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(3.3)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(3.2)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(3.18)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(3.11)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(3.1)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	2.3(4.7)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	2.3(4)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	2.3	Trust: 0.3
vendor:	rsa	model:	bsafe crypto-c	scope:	ne	version:	6.3.1	Trust: 0.3
vendor:	rsa	model:	bsafe cert-c	scope:	ne	version:	2.8	Trust: 0.3
vendor:	novell	model:	international cryptographic infrastructure	scope:	ne	version:	2.7.2	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	ne	version:	5.1(2)	Trust: 0.3
vendor:	cisco	model:	unified communications manager 4.3 sr.1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 4.2 sr2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager 4.1 sr5	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	ne	version:	8.0	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	ne	version:	7.2(2)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	ne	version:	7.2(1.22)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	ne	version:	7.1(2.27)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	ne	version:	7.0(6.7)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	ne	version:	6.0	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	ne	version:	3.4.1	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	ne	version:	3.4	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	ne	version:	3.3.3	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	ne	version:	3.3.2	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	ne	version:	3.3.1	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	ne	version:	3.3	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	ne	version:	3.2.6	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	ne	version:	3.2.4	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	ne	version:	3.2.3	Trust: 0.3
vendor:	cisco	model:	ios 12.4 t3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4 t7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4 xd6	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4 xc6	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4 xj2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4 t1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4 sw1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	ne	version:	12.4(10)	Trust: 0.3
vendor:	cisco	model:	ios	scope:	ne	version:	12.3(22)	Trust: 0.3
vendor:	cisco	model:	ios 12.3 jl1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 bc6	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 yx7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sg	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 se2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 srb	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sra2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sga1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sb3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 see3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 ewa9	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sxf8	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	ne	version:	3.1(6)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	ne	version:	2.3(5)	Trust: 0.3

sources: BID: 24104

EXPLOIT

To exploit this issue, attackers use readily available network utilities for creating and injecting packets.

Trust: 0.3

sources: BID: 24104

PRICE

Free

Trust: 0.3

sources: BID: 24104

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.3

sources: BID: 24104

CREDITS

The original discoverer of this issue is unknown. It was disclosed in the referenced US-CERT advisory.

Trust: 0.3

sources: BID: 24104

EXTERNAL IDS

db:	CERT/CC	id:	VU#754281	Trust: 0.3
db:	NVD	id:	CVE-2006-3894	Trust: 0.3
db:	BID	id:	24104	Trust: 0.3

sources: BID: 24104

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml	Trust: 0.3
url:	http://www.rsa.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151130-csr	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/754281	Trust: 0.3
url:	http://www116.nortelnetworks.com/pub/repository/clarify/document/2007/21/022317-01.pdf	Trust: 0.3
url:	https://secure-support.novell.com/kanisaplatform/publishing/97/3590033_f.sal_public.html	Trust: 0.3
url:	http://www.rsa.com/node.aspx?id=1204	Trust: 0.3

sources: BID: 24104

SOURCES

db:

BID

id:

24104

LAST UPDATE DATE

2022-07-27T09:36:40.627000+00:00

SOURCES UPDATE DATE

db:

BID

id:

24104

date:

2007-06-29T18:58:00

SOURCES RELEASE DATE

db:

BID

id:

24104

date:

2007-05-22T00:00:00