RSA BSAFE Cert-C Improper Certificate Processing

Published
Credit
Risk
2017.06.15
RSA
Low
CWE
CVE
Local
Remote
N/A
CVE-2017-4981
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

ESA-2017-031: RSA BSAFE(r) Cert-C Improper Certificate Processing Vulnerability

EMC Identifier: ESA-2017-031

CVE Identifier: CVE-2017-4981



Severity Rating: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)



Affected Products:

RSA BSAFE Cert-C all versions prior to 2.9.0.5 (RSA BSAFE Cert C is End of Primary Support and End of Extended Support per prior notification)

Summary:

RSA BSAFE Cert-C contains updates designed to address a potential improper certificate processing vulnerability.



Details:

RSA BSAFE Cert-C is affected by a potential improper certificate processing vulnerability. The vulnerability is caused by a faulty certificate processing logic that may potentially cause a crash in RSA BSAFE Cert-C.



Recommendation:

The following RSA BSAFE Cert-C release contains a resolution to this vulnerability:
RSA BSAFE Cert-C version 2.9.0.5



RSA recommends all customers upgrade at the earliest opportunity.



RSA also reminds customers that RSA BSAFE Cert-C is now End of Primary Support and End of Extended Support per prior notification and customers are strongly advised to migrate to other solutions at the earliest opportunity.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJZP+7qAAoJEHbcu+fsE81ZK6MH/1TZIMEEzWwdOIgt+yKLMBFO
uzLF/0GmkuWnu1bEvdA4dXvOFovuUQRRb33dE8DRHFknnybqQbH0jw3Tv9kPcE1x
+YNUt30zPd8RAn5IyuCC9Zi8fVObpfyhJAmPsOrzqrjeJjZ14Ud372+z3qjZE8yw
DrnPnde+uVhJzHtuBeWwxdhOUoT6giQNEVETWybU3jolLSumJ8pIvPhXf5B9j7CI
5yIVubr4QRLTNhIWunlmZ5rY9+dz5fIKYlaSZ8ow6CHEzeLOj0GUYIFB7CQuz7Dn
3PAONK5r6ramzRYvmnPV0RAZCkzzu3sHWROgIRR3qbyLgLxsQJZofLUaRQ8eX48=
=uy7+
-----END PGP SIGNATURE-----


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com