Vulnerability Details
DELL RSA BSAFE Crypto-C Micro Edition Security Vulnerability
- CNNVD ID: CNNVD-200705-446
- Severity: Medium
- CVE ID: CVE-2006-3894
- Vulnerability type: Other
- Published: 2007-05-22
- Threat type: Remote
- Updated: 2021-12-10
- Vendor: rsa
- Source: Cisco security advisory
Vulnerability Summary
DELL RSA BSAFE Crypto-C Micro Edition is a cryptographic toolkit from the US company Dell (DELL).
The implementation of the Crypto-C and Cert-C libraries shipped with DELL RSA BSAFE contains a security vulnerability that a remote attacker could exploit to cause a denial of service on the device. The vulnerability is triggered when a malformed ASN.1 object is parsed by any application that uses these libraries, causing the affected application or device to crash.
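The defensive point behind this class of bug is that a DER decoder must validate every length field against the bytes that actually remain before acting on it. The following is an added illustration, not code from RSA, Cisco or this advisory, and the particular malformation behind CVE-2006-3894 is not described on this page; the decoder below shows the general checks (truncation, indefinite length, non-minimal length, length overrunning the buffer) that turn a crash into a clean parse error:

```python
# Added example (not the vulnerable library's code): a bounds-checked DER
# tag-length-value decoder. Every length is validated against the bytes that
# remain before it is used, so a malformed object raises ValueError instead.
def parse_tlv(buf: bytes, offset: int = 0):
    """Decode one DER TLV at buf[offset:]; return (tag, value, next_offset)."""
    n = len(buf)
    if offset + 2 > n:
        raise ValueError("truncated: need at least a tag and a length byte")
    tag, first, pos = buf[offset], buf[offset + 1], offset + 2
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags not supported in this example")
    if first < 0x80:                     # short form: the byte is the length
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length is not allowed in DER")
    else:                                # long form: low 7 bits = count of length bytes
        num = first & 0x7F
        if num > 4:
            raise ValueError("length field too large")      # cap before any arithmetic
        if pos + num > n:
            raise ValueError("truncated: length bytes run past the buffer")
        length = int.from_bytes(buf[pos:pos + num], "big")
        if buf[pos] == 0 or length < 0x80:
            raise ValueError("non-minimal length encoding is not allowed in DER")
        pos += num
    if length > n - pos:                 # the check a crashing parser is missing
        raise ValueError(f"length {length} exceeds the {n - pos} bytes remaining")
    return tag, buf[pos:pos + length], pos + length


def parse_sequence(buf: bytes):
    """Decode a DER SEQUENCE; return its elements as a list of (tag, value)."""
    tag, body, end = parse_tlv(buf)
    if tag != 0x30 or end != len(buf):
        raise ValueError("expected exactly one SEQUENCE")
    items, pos = [], 0
    while pos < len(body):
        t, v, pos = parse_tlv(body, pos)
        items.append((t, v))
    return items


def is_rejected(buf: bytes) -> bool:
    """True if the decoder refuses buf as malformed."""
    try:
        parse_sequence(buf)
        return False
    except ValueError:
        return True
```

The constructed input `30 06 02 01 05 01 01 ff` (SEQUENCE { INTEGER 5, BOOLEAN TRUE }) decodes normally, while the same bytes with the outer length changed to `20`, or the inner BOOLEAN length changed to `03`, are rejected before any out-of-range read.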
Advisory
The vendor has released an update to fix this security issue. Patch download link:
Temporary workarounds:
* For network devices running Cisco IOS, apply the following control plane policing (CoPP) configuration:
```
!-- Include deny statements up front for any protocols/ports/IP addresses that
!-- should not be impacted by CoPP
!-- Include permit statements for the protocols/ports that will be governed by CoPP
!-- port 443 - HTTPS
access-list 100 permit tcp any any eq 443
!-- port 500 - IKE
access-list 100 permit udp any any eq 500
!-- port 848 - GDOI
access-list 100 permit tcp any any eq 848
!-- port 5060 - SIP-TLS
access-list 100 permit tcp any any eq 5060
!-- port 5354 - TIDP
access-list 100 permit tcp any any eq 5354
!-- Permit (Police or Drop)/Deny (Allow) all other Layer3 and Layer4
!-- traffic in accordance with existing security policies and
!-- configurations for traffic that is authorized to be sent
!-- to infrastructure devices.
!
!-- Create a Class-Map for traffic to be policed by
!-- the CoPP feature.
!
class-map match-all Drop-Known-Undesirable
match access-group 100
!
!-- Create a Policy-Map that will be applied to the
!-- Control-Plane of the device.
!
policy-map CoPP-Input-Policy
class Drop-Known-Undesirable
drop
!-- Apply the Policy-Map to the Control-Plane of the
!-- device.
!
control-plane
service-policy input CoPP-Input-Policy
```
Note that in the 12.0S, 12.2S and 12.2SX Cisco IOS release trains the policy-map syntax differs, as shown below:
```
policy-map CoPP-Input-Policy
class Drop-Known-Undesirable
police 32000 1500 1500 conform-action drop exceed-action drop
```
* Or apply the following ACL (the host addresses are not given on this page and are left as in the original):
```
access-list 101 permit tcp host
access-list 101 permit udp host
access-list 101 permit tcp host
access-list 101 permit tcp host
access-list 101 permit tcp host
access-list 101 permit tcp host
access-list 101 deny tcp any any eq 443
access-list 101 deny udp any any eq 500
access-list 101 deny tcp any any eq 506
access-list 101 deny udp any any eq 4848
access-list 101 deny tcp any any eq 5060
access-list 101 deny tcp any any eq 5354
```
Vendor patches:
Cisco
-----
Cisco has released a security advisory (cisco-sa-20070522-crypto) and corresponding patches:
cisco-sa-20070522-crypto: Vulnerability In Crypto Library
Link:
http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.sHTML
RSA Security
------------
The vendor has released an update to fix this security issue; please download it from the vendor's homepage:
http://www.rsasecurity.com
References
Source: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3894 ; http://www.securityfocus.com/bid/24104 ; http://www.nsfocus.net/vulndb/10382
Link: none
Source: BID
Link: https://www.securityfocus.com/bid/24104
Source: OVAL
Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5778
Source: VUPEN
Link: http://www.vupen.com/english/advisories/2007/1909
Source: OSVDB
Link: http://osvdb.org/35338
Source: CONFIRM
Link: https://secure-support.novell.com/KanisaPlatform/Publishing/97/3590033_f.SAL_Public.HTML
Source: CISCO
Link: http://www.cisco.com/en/US/products/products_security_advisory09186a0080847c5d.sHTML
Source: XF
Link: https://exchange.xforce.ibmcloud.com/vulnerabilities/34430
Source: SECUNIA
Link: http://secunia.com/advisories/25364
Source: CERT-VN
Link: http://www.kb.cert.org/vuls/id/754281
Source: SECUNIA
Link: http://secunia.com/advisories/25399
Source: SECUNIA
Link: http://secunia.com/advisories/25343
Source: VUPEN
Link: http://www.vupen.com/english/advisories/2007/1945
Source: VUPEN
Link: http://www.vupen.com/english/advisories/2007/1908
Source: CONFIRM
Link: http://jvn.jp/cert/JVNVU%23754281/index.HTML
Source: SECTRACK
Link: http://www.securitytracker.com/id?1018095
Affected Entities
- Rsa Bsafe_cert-C:2.7
- Rsa Bsafe_crypto-C:6.3
Patches
- Remediation for the DELL RSA BSAFE Crypto-C Micro Edition security vulnerability