DELL RSA BSAFE Crypto-C Micro Edition Security Vulnerability

admin 2022-07-23 03:11:09 CNNVD Vulnerabilities Source: ZONE.CI Global Network

Vulnerability Details

  • CNNVD ID: CNNVD-200705-446
  • Severity: Medium
  • CVE ID: CVE-2006-3894
  • Vulnerability type: Other
  • Published: 2007-05-22
  • Threat type: Remote
  • Updated: 2021-12-10
  • Vendor: rsa
  • Source: Cisco Security Advisory

Vulnerability Summary

DELL RSA BSAFE Crypto-C Micro Edition is a cryptographic toolkit from Dell (USA).

The implementation of the Crypto-C and Cert-C libraries shipped with DELL RSA BSAFE contains a security vulnerability that a remote attacker could exploit to cause a denial of service on the device. The vulnerability is triggered when a malformed ASN.1 object is parsed by any application that uses these libraries, causing the affected application or device to crash.

Vulnerability Advisory

The vendor has released an upgrade patch to fix this security issue. Patch download link:

Temporary workarounds:

* For network devices running Cisco IOS, apply the following Control Plane Policing (CoPP) configuration:

!-- Include deny statements up front for any protocols/ports/IP addresses that
!-- should not be impacted by CoPP
!-- Include permit statements for the protocols/ports that will be governed by CoPP
!-- port 443 - HTTPS
access-list 100 permit tcp any any eq 443
!-- port 500 - IKE
access-list 100 permit udp any any eq 500
!-- port 848 - GDOI (GDOI, like IKE, is carried over UDP, so the match is udp rather than tcp)
access-list 100 permit udp any any eq 848
!-- port 5060 - SIP-TLS
access-list 100 permit tcp any any eq 5060
!-- port 5354 - TIDP
access-list 100 permit tcp any any eq 5354
!-- Permit (Police or Drop)/Deny (Allow) all other Layer3 and Layer4
!-- traffic in accordance with existing security policies and
!-- configurations for traffic that is authorized to be sent
!-- to infrastructure devices.
!
!-- Create a Class-Map for traffic to be policed by
!-- the CoPP feature.
!
class-map match-all Drop-Known-Undesirable
 match access-group 100
!
!-- Create a Policy-Map that will be applied to the
!-- Control-Plane of the device.
!
policy-map CoPP-Input-Policy
 class Drop-Known-Undesirable
  drop
!
!-- Apply the Policy-Map to the Control-Plane of the
!-- device.
!
control-plane
 service-policy input CoPP-Input-Policy

Note that on the 12.0S, 12.2S and 12.2SX Cisco IOS trains the policy-map syntax differs, as shown below:

policy-map CoPP-Input-Policy
 class Drop-Known-Undesirable
  police 32000 1500 1500 conform-action drop exceed-action drop

Or apply the following ACL:

!-- <trusted-host> and <device-ip> are placeholders; the original addresses are
!-- not present on this page. Permit the listed services only from the trusted
!-- management host to the device, then deny them from every other source.
!-- Ports 506 and 4848 are reproduced as listed here; they do not match the CoPP
!-- list above (848 GDOI, 5060 SIP-TLS), so check them against the Cisco advisory.
access-list 101 permit tcp host <trusted-host> host <device-ip> eq 443
access-list 101 permit udp host <trusted-host> host <device-ip> eq 500
access-list 101 permit tcp host <trusted-host> host <device-ip> eq 506
access-list 101 permit tcp host <trusted-host> host <device-ip> eq 4848
access-list 101 permit tcp host <trusted-host> host <device-ip> eq 5060
access-list 101 permit tcp host <trusted-host> host <device-ip> eq 5354
access-list 101 deny tcp any any eq 443
access-list 101 deny udp any any eq 500
access-list 101 deny tcp any any eq 506
access-list 101 deny udp any any eq 4848
access-list 101 deny tcp any any eq 5060
access-list 101 deny tcp any any eq 5354

Vendor patches:

Cisco

-----

Cisco has published a security advisory (cisco-sa-20070522-crypto) and corresponding patches for this issue:

cisco-sa-20070522-crypto: Vulnerability In Crypto Library

Link:

http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml

RSA Security

------------

The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:

http://www.rsasecurity.com

References

Source: NVD
Link: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3894

Source: SecurityFocus
Link: http://www.securityfocus.com/bid/24104

Source: NSFocus
Link: http://www.nsfocus.net/vulndb/10382

Source: BID
Link: https://www.securityfocus.com/bid/24104

Source: OVAL
Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5778

Source: VUPEN
Link: http://www.vupen.com/english/advisories/2007/1909

Source: OSVDB
Link: http://osvdb.org/35338

Source: CONFIRM
Link: https://secure-support.novell.com/KanisaPlatform/Publishing/97/3590033_f.SAL_Public.html

Source: CISCO
Link: http://www.cisco.com/en/US/products/products_security_advisory09186a0080847c5d.shtml

Source: XF
Link: https://exchange.xforce.ibmcloud.com/vulnerabilities/34430

Source: SECUNIA
Link: http://secunia.com/advisories/25364

Source: CERT-VN
Link: http://www.kb.cert.org/vuls/id/754281

Source: SECUNIA
Link: http://secunia.com/advisories/25399

Source: SECUNIA
Link: http://secunia.com/advisories/25343

Source: VUPEN
Link: http://www.vupen.com/english/advisories/2007/1945

Source: VUPEN
Link: http://www.vupen.com/english/advisories/2007/1908

Source: CONFIRM
Link: http://jvn.jp/cert/JVNVU%23754281/index.html

Source: SECTRACK
Link: http://www.securitytracker.com/id?1018095

Affected Entities

  • Rsa Bsafe_cert-C:2.7
  • Rsa Bsafe_crypto-C:6.3

Patches

  • Remediation for the DELL RSA BSAFE Crypto-C Micro Edition security vulnerability
