Vulnerabilities > CVE-2006-3894 - Unspecified vulnerability in Dell Bsafe Cert-C and Bsafe Crypto-C

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

dell

nessus

NVD

Published: 2007-05-22

Updated: 2021-12-17

Summary

The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects.

Vulnerable Configurations

Part	Description	Count
Application	Dell Dell Bsafe Cert C - Dell Bsafe Cert C 2.7 Dell Bsafe Crypto C - Dell Bsafe Crypto C 4.0 Dell Bsafe Crypto C 4.0.0 Dell Bsafe Crypto C 4.0.4 Dell Bsafe Crypto C 4.0.5 Dell Bsafe Crypto C 4.0.5.3 Dell Bsafe Crypto C 4.0.5.4 Dell Bsafe Crypto C 4.1 Dell Bsafe Crypto C 4.1.0 Dell Bsafe Crypto C 4.1.1 Dell Bsafe Crypto C 4.1.2 Dell Bsafe Crypto C 4.1.3 Dell Bsafe Crypto C 4.1.3.2 Dell Bsafe Crypto C 4.1.3.3 Dell Bsafe Crypto C 4.1.4 Dell Bsafe Crypto C 6.3	18

Nessus

NASL family	CISCO
NASL id	CISCO-SA-20070522-CRYPTO.NASL
description	A vulnerability has been discovered in a third-party cryptographic library that is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password). Successful, repeated exploitation of any of these vulnerabilities may lead to a sustained denial of service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information. Cisco has made free software available to address this vulnerability for affected customers. There are no workarounds available to mitigate the effects of the vulnerability.
last seen	2019-10-28
modified	2010-09-01
plugin id	49004
published	2010-09-01
reporter	This script is (C) 2010-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/49004
title	Vulnerability In Crypto Library - Cisco Systems
code	#TRUSTED 5cf0074093ce72330a3ae51c2b63ef1661ceb1b12de6e0a74bb3ca7e0cfc511e2d7ee123cb0b54f3f7bbde42d1647517f1e294deca80a59ca57ca5572161c91970f17411e9b98c446c3fda0d387b0eee1a69e3d7594ca61111029d3d2fbfa4df152b8c7d711c138f55e2e98bdeb591714d7031797a85699a3881eff12de3f3de265b7edf8bad9d9bea75f9d47751bfa8ea208c698f27e7f53627065510cdaa871c33303f2b178a2e738e787209438b03f2cc651dc2abaf84e5753d41e7c8be8aa883b6eeb87d3bb92cf3f0f0283e0b3347dde28720981da2038da0096290652f3fa63d205998e72331dc8c851b11ba5db7cb1ef9b79ce820aee88cee9a3c4539c19510486d7315da5fd8e5e230d6901c581b0e45ec4a9b216f28757598369feb77f7db656a67ae1d321b11f79be9c9f094a9afb25317373f1c4b51c394759d7f9f96325bf09e744944e20851beb3d684a960f3f8a8bee192ec43b42c5ec95b915481865e4c5f17515e971b3dfe50df64a35c35348527dda93b5ba320abd59a0433806c3bcc50cd6875c7731b0ed298fc6fc6e77887cf51bde6db80ea73511e34fb582b2c9ff41d1faa1534ec9d24cc855fa0b56dbeb0ea2062b2065494008a3613c18c2e4b609cc23a0372c153c5cc19ad6ec8ca1426c797a08b3db9fdcff1d1b61a516ea9f87a148f4a46ce4a56d591f336b4406fad8d061c0f681c0d92664a # # (C) Tenable Network Security, Inc. # # Security advisory is (C) CISCO, Inc. # See https://www.cisco.com/en/US/products/products_security_advisory09186a00809bb300.shtml include("compat.inc"); if (description) { script_id(49004); script_version("1.21"); script_set_attribute(attribute:"plugin_modification_date", value:"2018/11/15"); script_cve_id("CVE-2006-3894"); script_bugtraq_id(24104); script_xref(name:"CERT", value:"754281"); script_xref(name:"CISCO-BUG-ID", value:"CSCsd85587"); script_xref(name:"CISCO-BUG-ID", value:"CSCse91999"); script_xref(name:"CISCO-BUG-ID", value:"CSCsg41084"); script_xref(name:"CISCO-BUG-ID", value:"CSCsg410843"); script_xref(name:"CISCO-BUG-ID", value:"CSCsg44348"); script_xref(name:"CISCO-BUG-ID", value:"CSCsi97695"); script_xref(name:"CISCO-SA", value:"cisco-sa-20070522-crypto"); script_name(english:"Vulnerability In Crypto Library - Cisco Systems"); script_summary(english:"Checks the IOS version."); script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "A vulnerability has been discovered in a third-party cryptographic library that is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password). Successful, repeated exploitation of any of these vulnerabilities may lead to a sustained denial of service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information. Cisco has made free software available to address this vulnerability for affected customers. There are no workarounds available to mitigate the effects of the vulnerability."); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070522-crypto script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?aff94393"); # https://www.cisco.com/en/US/products/products_security_advisory09186a00809bb300.shtml script_set_attribute(attribute:"see_also", value: "http://www.nessus.org/u?0072356d"); script_set_attribute(attribute:"solution", value: "Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20070522-crypto."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/05/22"); script_set_attribute(attribute:"patch_publication_date", value:"2007/05/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is (C) 2010-2018 Tenable Network Security, Inc."); script_family(english:"CISCO"); script_dependencie("cisco_ios_version.nasl"); script_require_keys("Host/Cisco/IOS/Version"); exit(0); } include("audit.inc"); include("cisco_func.inc"); include("cisco_kb_cmd_func.inc"); flag = 0; version = get_kb_item_or_exit("Host/Cisco/IOS/Version"); override = 0; if (version == '12.4(6)XP') flag++; else if (version == '12.4(11)XJ') flag++; else if (version == '12.4(6)XE2') flag++; else if (version == '12.4(6)XE1') flag++; else if (version == '12.4(6)XE') flag++; else if (version == '12.4(4)XD5') flag++; else if (version == '12.4(4)XD4') flag++; else if (version == '12.4(4)XD2') flag++; else if (version == '12.4(4)XD1') flag++; else if (version == '12.4(4)XD') flag++; else if (version == '12.4(4)XC5') flag++; else if (version == '12.4(4)XC4') flag++; else if (version == '12.4(4)XC3') flag++; else if (version == '12.4(4)XC2') flag++; else if (version == '12.4(4)XC1') flag++; else if (version == '12.4(4)XC') flag++; else if (version == '12.4(2)XB5') flag++; else if (version == '12.4(2)XB4') flag++; else if (version == '12.4(2)XB3') flag++; else if (version == '12.4(2)XB2') flag++; else if (version == '12.4(2)XB1') flag++; else if (version == '12.4(2)XB') flag++; else if (version == '12.4(2)XA2') flag++; else if (version == '12.4(2)XA1') flag++; else if (version == '12.4(2)XA') flag++; else if (version == '12.4(11)T') flag++; else if (version == '12.4(9)T2') flag++; else if (version == '12.4(9)T1') flag++; else if (version == '12.4(9)T') flag++; else if (version == '12.4(6)T6') flag++; else if (version == '12.4(6)T5') flag++; else if (version == '12.4(6)T4') flag++; else if (version == '12.4(6)T3') flag++; else if (version == '12.4(6)T2') flag++; else if (version == '12.4(6)T1') flag++; else if (version == '12.4(6)T') flag++; else if (version == '12.4(4)T7') flag++; else if (version == '12.4(4)T6') flag++; else if (version == '12.4(4)T5') flag++; else if (version == '12.4(4)T4') flag++; else if (version == '12.4(4)T3') flag++; else if (version == '12.4(4)T2') flag++; else if (version == '12.4(4)T1') flag++; else if (version == '12.4(4)T') flag++; else if (version == '12.4(2)T5') flag++; else if (version == '12.4(2)T4') flag++; else if (version == '12.4(2)T3') flag++; else if (version == '12.4(2)T2') flag++; else if (version == '12.4(2)T1') flag++; else if (version == '12.4(2)T') flag++; else if (version == '12.4(11)SW') flag++; else if (version == '12.4(12)MR1') flag++; else if (version == '12.4(12)MR') flag++; else if (version == '12.4(11)MR') flag++; else if (version == '12.4(8c)') flag++; else if (version == '12.4(8b)') flag++; else if (version == '12.4(8a)') flag++; else if (version == '12.4(8)') flag++; else if (version == '12.4(7c)') flag++; else if (version == '12.4(7b)') flag++; else if (version == '12.4(7a)') flag++; else if (version == '12.4(7)') flag++; else if (version == '12.4(5b)') flag++; else if (version == '12.4(5a)') flag++; else if (version == '12.4(5)') flag++; else if (version == '12.4(3g)') flag++; else if (version == '12.4(3f)') flag++; else if (version == '12.4(3e)') flag++; else if (version == '12.4(3d)') flag++; else if (version == '12.4(3c)') flag++; else if (version == '12.4(3b)') flag++; else if (version == '12.4(3a)') flag++; else if (version == '12.4(3)') flag++; else if (version == '12.4(1c)') flag++; else if (version == '12.4(1b)') flag++; else if (version == '12.4(1a)') flag++; else if (version == '12.4(1)') flag++; else if (version == '12.3(8)ZA') flag++; else if (version == '12.3(11)YZ1') flag++; else if (version == '12.3(11)YZ') flag++; else if (version == '12.3(14)YX5') flag++; else if (version == '12.3(14)YX4') flag++; else if (version == '12.3(14)YX3') flag++; else if (version == '12.3(14)YX2') flag++; else if (version == '12.3(14)YX1') flag++; else if (version == '12.3(14)YX') flag++; else if (version == '12.3(14)YU1') flag++; else if (version == '12.3(14)YU') flag++; else if (version == '12.3(14)YT1') flag++; else if (version == '12.3(14)YT') flag++; else if (version == '12.3(11)YS1') flag++; else if (version == '12.3(11)YS') flag++; else if (version == '12.3(14)YQ8') flag++; else if (version == '12.3(14)YQ7') flag++; else if (version == '12.3(14)YQ6') flag++; else if (version == '12.3(14)YQ5') flag++; else if (version == '12.3(14)YQ4') flag++; else if (version == '12.3(14)YQ3') flag++; else if (version == '12.3(14)YQ2') flag++; else if (version == '12.3(14)YQ1') flag++; else if (version == '12.3(14)YQ') flag++; else if (version == '12.3(11)YK2') flag++; else if (version == '12.3(11)YK1') flag++; else if (version == '12.3(11)YK') flag++; else if (version == '12.3(8)YI3') flag++; else if (version == '12.3(8)YI2') flag++; else if (version == '12.3(8)YI1') flag++; else if (version == '12.3(8)YH') flag++; else if (version == '12.3(8)YG5') flag++; else if (version == '12.3(8)YG4') flag++; else if (version == '12.3(8)YG3') flag++; else if (version == '12.3(8)YG2') flag++; else if (version == '12.3(8)YG1') flag++; else if (version == '12.3(8)YG') flag++; else if (version == '12.3(11)YF4') flag++; else if (version == '12.3(11)YF3') flag++; else if (version == '12.3(11)YF2') flag++; else if (version == '12.3(11)YF1') flag++; else if (version == '12.3(11)YF') flag++; else if (version == '12.3(8)YD1') flag++; else if (version == '12.3(8)YD') flag++; else if (version == '12.3(8)YA1') flag++; else if (version == '12.3(8)YA') flag++; else if (version == '12.3(8)XX1') flag++; else if (version == '12.3(8)XX') flag++; else if (version == '12.3(8)XW3') flag++; else if (version == '12.3(8)XW2') flag++; else if (version == '12.3(8)XW1') flag++; else if (version == '12.3(8)XW') flag++; else if (version == '12.3(8)XU5') flag++; else if (version == '12.3(8)XU4') flag++; else if (version == '12.3(8)XU3') flag++; else if (version == '12.3(8)XU2') flag++; else if (version == '12.3(7)XS2') flag++; else if (version == '12.3(7)XS1') flag++; else if (version == '12.3(7)XS') flag++; else if (version == '12.3(7)XR6') flag++; else if (version == '12.3(7)XR5') flag++; else if (version == '12.3(7)XR4') flag++; else if (version == '12.3(7)XR3') flag++; else if (version == '12.3(7)XR2') flag++; else if (version == '12.3(7)XR') flag++; else if (version == '12.3(4)XQ1') flag++; else if (version == '12.3(4)XQ') flag++; else if (version == '12.3(11)XL1') flag++; else if (version == '12.3(11)XL') flag++; else if (version == '12.3(4)XK4') flag++; else if (version == '12.3(4)XK3') flag++; else if (version == '12.3(4)XK2') flag++; else if (version == '12.3(4)XK1') flag++; else if (version == '12.3(4)XK') flag++; else if (version == '12.3(7)XJ2') flag++; else if (version == '12.3(7)XJ1') flag++; else if (version == '12.3(7)XJ') flag++; else if (version == '12.3(7)XI9') flag++; else if (version == '12.3(7)XI8d') flag++; else if (version == '12.3(7)XI8c') flag++; else if (version == '12.3(7)XI8a') flag++; else if (version == '12.3(7)XI8') flag++; else if (version == '12.3(7)XI7b') flag++; else if (version == '12.3(7)XI7a') flag++; else if (version == '12.3(7)XI7') flag++; else if (version == '12.3(7)XI6') flag++; else if (version == '12.3(7)XI5') flag++; else if (version == '12.3(7)XI4') flag++; else if (version == '12.3(7)XI3') flag++; else if (version == '12.3(7)XI2a') flag++; else if (version == '12.3(7)XI2') flag++; else if (version == '12.3(7)XI10') flag++; else if (version == '12.3(7)XI1c') flag++; else if (version == '12.3(7)XI1b') flag++; else if (version == '12.3(7)XI1') flag++; else if (version == '12.3(4)XG5') flag++; else if (version == '12.3(4)XG4') flag++; else if (version == '12.3(4)XG3') flag++; else if (version == '12.3(4)XG2') flag++; else if (version == '12.3(4)XG1') flag++; else if (version == '12.3(4)XG') flag++; else if (version == '12.3(2)XF') flag++; else if (version == '12.3(2)XE4') flag++; else if (version == '12.3(2)XE3') flag++; else if (version == '12.3(2)XE2') flag++; else if (version == '12.3(2)XE1') flag++; else if (version == '12.3(2)XE') flag++; else if (version == '12.3(4)XD4') flag++; else if (version == '12.3(4)XD3') flag++; else if (version == '12.3(4)XD2') flag++; else if (version == '12.3(4)XD1') flag++; else if (version == '12.3(4)XD') flag++; else if (version == '12.3(2)XC4') flag++; else if (version == '12.3(2)XC3') flag++; else if (version == '12.3(2)XC2') flag++; else if (version == '12.3(2)XC1') flag++; else if (version == '12.3(2)XC') flag++; else if (version == '12.3(2)XB3') flag++; else if (version == '12.3(2)XB1') flag++; else if (version == '12.3(2)XB') flag++; else if (version == '12.3(2)XA5') flag++; else if (version == '12.3(2)XA4') flag++; else if (version == '12.3(2)XA3') flag++; else if (version == '12.3(2)XA2') flag++; else if (version == '12.3(2)XA1') flag++; else if (version == '12.3(2)XA') flag++; else if (version == '12.3(4)TPC11a') flag++; else if (version == '12.3(14)T7') flag++; else if (version == '12.3(14)T6') flag++; else if (version == '12.3(14)T5') flag++; else if (version == '12.3(14)T3') flag++; else if (version == '12.3(14)T2') flag++; else if (version == '12.3(14)T1') flag++; else if (version == '12.3(14)T') flag++; else if (version == '12.3(11)T9') flag++; else if (version == '12.3(11)T8') flag++; else if (version == '12.3(11)T7') flag++; else if (version == '12.3(11)T6') flag++; else if (version == '12.3(11)T5') flag++; else if (version == '12.3(11)T4') flag++; else if (version == '12.3(11)T3') flag++; else if (version == '12.3(11)T2') flag++; else if (version == '12.3(11)T11') flag++; else if (version == '12.3(11)T10') flag++; else if (version == '12.3(11)T') flag++; else if (version == '12.3(8)T9') flag++; else if (version == '12.3(8)T8') flag++; else if (version == '12.3(8)T7') flag++; else if (version == '12.3(8)T6') flag++; else if (version == '12.3(8)T5') flag++; else if (version == '12.3(8)T4') flag++; else if (version == '12.3(8)T3') flag++; else if (version == '12.3(8)T11') flag++; else if (version == '12.3(8)T10') flag++; else if (version == '12.3(8)T1') flag++; else if (version == '12.3(8)T') flag++; else if (version == '12.3(7)T9') flag++; else if (version == '12.3(7)T8') flag++; else if (version == '12.3(7)T7') flag++; else if (version == '12.3(7)T6') flag++; else if (version == '12.3(7)T4') flag++; else if (version == '12.3(7)T3') flag++; else if (version == '12.3(7)T2') flag++; else if (version == '12.3(7)T12') flag++; else if (version == '12.3(7)T11') flag++; else if (version == '12.3(7)T10') flag++; else if (version == '12.3(7)T1') flag++; else if (version == '12.3(7)T') flag++; else if (version == '12.3(4)T9') flag++; else if (version == '12.3(4)T8') flag++; else if (version == '12.3(4)T7') flag++; else if (version == '12.3(4)T6') flag++; else if (version == '12.3(4)T4') flag++; else if (version == '12.3(4)T3') flag++; else if (version == '12.3(4)T2') flag++; else if (version == '12.3(4)T13') flag++; else if (version == '12.3(4)T11') flag++; else if (version == '12.3(4)T10') flag++; else if (version == '12.3(4)T1') flag++; else if (version == '12.3(4)T') flag++; else if (version == '12.3(2)T9') flag++; else if (version == '12.3(2)T8') flag++; else if (version == '12.3(2)T7') flag++; else if (version == '12.3(2)T6') flag++; else if (version == '12.3(2)T5') flag++; else if (version == '12.3(2)T4') flag++; else if (version == '12.3(2)T3') flag++; else if (version == '12.3(2)T2') flag++; else if (version == '12.3(2)T1') flag++; else if (version == '12.3(2)T') flag++; else if (version == '12.3(11)JX1') flag++; else if (version == '12.3(11)JX') flag++; else if (version == '12.3(7)JX7') flag++; else if (version == '12.3(7)JX6') flag++; else if (version == '12.3(7)JX5') flag++; else if (version == '12.3(7)JX4') flag++; else if (version == '12.3(7)JX3') flag++; else if (version == '12.3(7)JX2') flag++; else if (version == '12.3(7)JX1') flag++; else if (version == '12.3(7)JX') flag++; else if (version == '12.3(2)JL') flag++; else if (version == '12.3(2)JK2') flag++; else if (version == '12.3(2)JK1') flag++; else if (version == '12.3(2)JK') flag++; else if (version == '12.3(8)JEA1') flag++; else if (version == '12.3(8)JEA') flag++; else if (version == '12.3(11)JA1') flag++; else if (version == '12.3(11)JA') flag++; else if (version == '12.3(8)JA2') flag++; else if (version == '12.3(8)JA1') flag++; else if (version == '12.3(8)JA') flag++; else if (version == '12.3(7)JA4') flag++; else if (version == '12.3(7)JA3') flag++; else if (version == '12.3(7)JA2') flag++; else if (version == '12.3(7)JA1') flag++; else if (version == '12.3(7)JA') flag++; else if (version == '12.3(4)JA2') flag++; else if (version == '12.3(4)JA1') flag++; else if (version == '12.3(4)JA') flag++; else if (version == '12.3(2)JA6') flag++; else if (version == '12.3(2)JA5') flag++; else if (version == '12.3(2)JA2') flag++; else if (version == '12.3(2)JA1') flag++; else if (version == '12.3(2)JA') flag++; else if (version == '12.3(21)BC') flag++; else if (version == '12.3(17b)BC5') flag++; else if (version == '12.3(17b)BC4') flag++; else if (version == '12.3(17b)BC3') flag++; else if (version == '12.3(17a)BC2') flag++; else if (version == '12.3(17a)BC1') flag++; else if (version == '12.3(17a)BC') flag++; else if (version == '12.3(13a)BC6') flag++; else if (version == '12.3(13a)BC5') flag++; else if (version == '12.3(13a)BC4') flag++; else if (version == '12.3(13a)BC3') flag++; else if (version == '12.3(13a)BC2') flag++; else if (version == '12.3(13a)BC1') flag++; else if (version == '12.3(13a)BC') flag++; else if (version == '12.3(9a)BC9') flag++; else if (version == '12.3(9a)BC8') flag++; else if (version == '12.3(9a)BC7') flag++; else if (version == '12.3(9a)BC6') flag++; else if (version == '12.3(9a)BC5') flag++; else if (version == '12.3(9a)BC4') flag++; else if (version == '12.3(9a)BC3') flag++; else if (version == '12.3(9a)BC2') flag++; else if (version == '12.3(9a)BC1') flag++; else if (version == '12.3(9a)BC') flag++; else if (version == '12.3(5a)B5') flag++; else if (version == '12.3(5a)B4') flag++; else if (version == '12.3(5a)B3') flag++; else if (version == '12.3(5a)B2') flag++; else if (version == '12.3(5a)B1') flag++; else if (version == '12.3(5a)B') flag++; else if (version == '12.3(3)B1') flag++; else if (version == '12.3(3)B') flag++; else if (version == '12.3(1a)B') flag++; else if (version == '12.3(21)') flag++; else if (version == '12.3(20)') flag++; else if (version == '12.3(19)') flag++; else if (version == '12.3(18)') flag++; else if (version == '12.3(17b)') flag++; else if (version == '12.3(17a)') flag++; else if (version == '12.3(17)') flag++; else if (version == '12.3(16a)') flag++; else if (version == '12.3(16)') flag++; else if (version == '12.3(15b)') flag++; else if (version == '12.3(15a)') flag++; else if (version == '12.3(15)') flag++; else if (version == '12.3(13b)') flag++; else if (version == '12.3(13a)') flag++; else if (version == '12.3(13)') flag++; else if (version == '12.3(12e)') flag++; else if (version == '12.3(12d)') flag++; else if (version == '12.3(12c)') flag++; else if (version == '12.3(12b)') flag++; else if (version == '12.3(12a)') flag++; else if (version == '12.3(12)') flag++; else if (version == '12.3(10f)') flag++; else if (version == '12.3(10e)') flag++; else if (version == '12.3(10d)') flag++; else if (version == '12.3(10c)') flag++; else if (version == '12.3(10b)') flag++; else if (version == '12.3(10a)') flag++; else if (version == '12.3(10)') flag++; else if (version == '12.3(9e)') flag++; else if (version == '12.3(9d)') flag++; else if (version == '12.3(9c)') flag++; else if (version == '12.3(9b)') flag++; else if (version == '12.3(9a)') flag++; else if (version == '12.3(9)') flag++; else if (version == '12.3(6f)') flag++; else if (version == '12.3(6e)') flag++; else if (version == '12.3(6c)') flag++; else if (version == '12.3(6b)') flag++; else if (version == '12.3(6a)') flag++; else if (version == '12.3(6)') flag++; else if (version == '12.3(5f)') flag++; else if (version == '12.3(5e)') flag++; else if (version == '12.3(5d)') flag++; else if (version == '12.3(5c)') flag++; else if (version == '12.3(5b)') flag++; else if (version == '12.3(5a)') flag++; else if (version == '12.3(5)') flag++; else if (version == '12.3(3i)') flag++; else if (version == '12.3(3h)') flag++; else if (version == '12.3(3g)') flag++; else if (version == '12.3(3f)') flag++; else if (version == '12.3(3e)') flag++; else if (version == '12.3(3c)') flag++; else if (version == '12.3(3b)') flag++; else if (version == '12.3(3a)') flag++; else if (version == '12.3(3)') flag++; else if (version == '12.3(1a)') flag++; else if (version == '12.3(1)') flag++; else if (version == '12.2(18)ZU2') flag++; else if (version == '12.2(18)ZU1') flag++; else if (version == '12.2(18)ZU') flag++; else if (version == '12.2(15)ZL1') flag++; else if (version == '12.2(15)ZL') flag++; else if (version == '12.2(15)ZJ5') flag++; else if (version == '12.2(15)ZJ3') flag++; else if (version == '12.2(15)ZJ2') flag++; else if (version == '12.2(15)ZJ1') flag++; else if (version == '12.2(15)ZJ') flag++; else if (version == '12.2(13)ZH8') flag++; else if (version == '12.2(13)ZH7') flag++; else if (version == '12.2(13)ZH6') flag++; else if (version == '12.2(13)ZH5') flag++; else if (version == '12.2(13)ZH4') flag++; else if (version == '12.2(13)ZH3') flag++; else if (version == '12.2(13)ZH2') flag++; else if (version == '12.2(13)ZH1') flag++; else if (version == '12.2(13)ZH') flag++; else if (version == '12.2(13)ZG') flag++; else if (version == '12.2(13)ZF2') flag++; else if (version == '12.2(13)ZF1') flag++; else if (version == '12.2(13)ZF') flag++; else if (version == '12.2(13)ZE') flag++; else if (version == '12.2(13)ZD4') flag++; else if (version == '12.2(13)ZD3') flag++; else if (version == '12.2(13)ZD2') flag++; else if (version == '12.2(13)ZD1') flag++; else if (version == '12.2(13)ZD') flag++; else if (version == '12.2(11)YV1') flag++; else if (version == '12.2(11)YV') flag++; else if (version == '12.2(11)YU') flag++; else if (version == '12.2(15)XR2') flag++; else if (version == '12.2(15)XR1') flag++; else if (version == '12.2(15)XR') flag++; else if (version == '12.2(15)T9') flag++; else if (version == '12.2(15)T8') flag++; else if (version == '12.2(15)T7') flag++; else if (version == '12.2(15)T5') flag++; else if (version == '12.2(15)T2') flag++; else if (version == '12.2(15)T16') flag++; else if (version == '12.2(15)T15') flag++; else if (version == '12.2(15)T14') flag++; else if (version == '12.2(15)T13') flag++; else if (version == '12.2(15)T12') flag++; else if (version == '12.2(15)T11') flag++; else if (version == '12.2(15)T10') flag++; else if (version == '12.2(15)T1') flag++; else if (version == '12.2(15)T') flag++; else if (version == '12.2(18)SXF7') flag++; else if (version == '12.2(18)SXF6') flag++; else if (version == '12.2(18)SXF5') flag++; else if (version == '12.2(18)SXF4') flag++; else if (version == '12.2(18)SXF3') flag++; else if (version == '12.2(18)SXF2') flag++; else if (version == '12.2(18)SXF1') flag++; else if (version == '12.2(18)SXF') flag++; else if (version == '12.2(18)SXE6b') flag++; else if (version == '12.2(18)SXE6a') flag++; else if (version == '12.2(18)SXE6') flag++; else if (version == '12.2(18)SXE5') flag++; else if (version == '12.2(18)SXE4') flag++; else if (version == '12.2(18)SXE3') flag++; else if (version == '12.2(18)SXE2') flag++; else if (version == '12.2(18)SXE1') flag++; else if (version == '12.2(18)SXE') flag++; else if (version == '12.2(18)SXD7b') flag++; else if (version == '12.2(18)SXD7a') flag++; else if (version == '12.2(18)SXD7') flag++; else if (version == '12.2(18)SXD6') flag++; else if (version == '12.2(18)SXD5') flag++; else if (version == '12.2(18)SXD4') flag++; else if (version == '12.2(18)SXD3') flag++; else if (version == '12.2(18)SXD2') flag++; else if (version == '12.2(18)SXD1') flag++; else if (version == '12.2(18)SXD') flag++; else if (version == '12.2(33)SRA2') flag++; else if (version == '12.2(33)SRA1') flag++; else if (version == '12.2(33)SRA') flag++; else if (version == '12.2(31)SGA') flag++; else if (version == '12.2(31)SG1') flag++; else if (version == '12.2(31)SG') flag++; else if (version == '12.2(25)SG1') flag++; else if (version == '12.2(25)SG') flag++; else if (version == '12.2(25)SEG2') flag++; else if (version == '12.2(25)SEG1') flag++; else if (version == '12.2(25)SEG') flag++; else if (version == '12.2(25)SEF2') flag++; else if (version == '12.2(25)SEF1') flag++; else if (version == '12.2(25)SEE2') flag++; else if (version == '12.2(25)SEE1') flag++; else if (version == '12.2(25)SEE') flag++; else if (version == '12.2(25)SED1') flag++; else if (version == '12.2(25)SED') flag++; else if (version == '12.2(25)SEC2') flag++; else if (version == '12.2(25)SEC1') flag++; else if (version == '12.2(25)SEC') flag++; else if (version == '12.2(25)SEB4') flag++; else if (version == '12.2(25)SEB3') flag++; else if (version == '12.2(25)SEB2') flag++; else if (version == '12.2(25)SEB1') flag++; else if (version == '12.2(25)SEB') flag++; else if (version == '12.2(25)SEA') flag++; else if (version == '12.2(35)SE1') flag++; else if (version == '12.2(35)SE') flag++; else if (version == '12.2(25)SE3') flag++; else if (version == '12.2(25)SE2') flag++; else if (version == '12.2(25)SE') flag++; else if (version == '12.2(31)SB3x') flag++; else if (version == '12.2(31)SB3') flag++; else if (version == '12.2(31)SB2') flag++; else if (version == '12.2(15)JK5') flag++; else if (version == '12.2(15)JK4') flag++; else if (version == '12.2(15)JK3') flag++; else if (version == '12.2(15)JK2') flag++; else if (version == '12.2(15)JK1') flag++; else if (version == '12.2(15)JK') flag++; else if (version == '12.2(15)JA') flag++; else if (version == '12.2(18)IXC') flag++; else if (version == '12.2(18)IXB2') flag++; else if (version == '12.2(18)IXB1') flag++; else if (version == '12.2(18)IXB') flag++; else if (version == '12.2(18)IXA') flag++; else if (version == '12.2(25)FZ') flag++; else if (version == '12.2(25)FY') flag++; else if (version == '12.2(25)FX') flag++; else if (version == '12.2(25)EZ1') flag++; else if (version == '12.2(25)EZ') flag++; else if (version == '12.2(25)EY4') flag++; else if (version == '12.2(25)EY3') flag++; else if (version == '12.2(25)EY2') flag++; else if (version == '12.2(25)EY1') flag++; else if (version == '12.2(25)EY') flag++; else if (version == '12.2(25)EX1') flag++; else if (version == '12.2(25)EX') flag++; else if (version == '12.2(25)EWA8') flag++; else if (version == '12.2(25)EWA7') flag++; else if (version == '12.2(25)EWA6') flag++; else if (version == '12.2(25)EWA5') flag++; else if (version == '12.2(25)EWA4') flag++; else if (version == '12.2(25)EWA3') flag++; else if (version == '12.2(25)EWA2') flag++; else if (version == '12.2(25)EWA1') flag++; else if (version == '12.2(25)EWA') flag++; else if (version == '12.2(25)EW') flag++; else if (version == '12.2(15)CZ3') flag++; else if (version == '12.2(15)CZ2') flag++; else if (version == '12.2(15)CZ1') flag++; else if (version == '12.2(15)CZ') flag++; else if (version == '12.2(15)CX1') flag++; else if (version == '12.2(15)CX') flag++; else if (version == '12.2(15)BZ2') flag++; else if (version == '12.2(16)BX3') flag++; else if (version == '12.2(16)BX2') flag++; else if (version == '12.2(16)BX1') flag++; else if (version == '12.2(16)BX') flag++; else if (version == '12.2(15)BX') flag++; else if (version == '12.2(15)BC2i') flag++; else if (version == '12.2(15)BC2h') flag++; else if (version == '12.2(15)BC2g') flag++; else if (version == '12.2(15)BC2f') flag++; else if (version == '12.2(15)BC2e') flag++; else if (version == '12.2(15)BC2d') flag++; else if (version == '12.2(15)BC2c') flag++; else if (version == '12.2(15)BC2b') flag++; else if (version == '12.2(15)BC2a') flag++; else if (version == '12.2(15)BC2') flag++; else if (version == '12.2(15)BC1g') flag++; else if (version == '12.2(15)BC1f') flag++; else if (version == '12.2(15)BC1e') flag++; else if (version == '12.2(15)BC1d') flag++; else if (version == '12.2(15)BC1c') flag++; else if (version == '12.2(15)BC1b') flag++; else if (version == '12.2(15)BC1a') flag++; else if (version == '12.2(15)BC1') flag++; else if (version == '12.2(16)B2') flag++; else if (version == '12.2(16)B1') flag++; else if (version == '12.2(16)B') flag++; else if (version == '12.2(15)B') flag++; if (get_kb_item("Host/local_checks_enabled")) { if (flag) { flag = 0; buf = cisco_command_kb_item("Host/Cisco/Config/show_crypto_isakmp_policy", "show crypto isakmp policy"); if (check_cisco_result(buf)) { if (preg(pattern:"Protection suite", multiline:TRUE, string:buf)) { flag = 1; } } else if (cisco_needs_enable(buf)) { flag = 1; override = 1; } buf = cisco_command_kb_item("Host/Cisco/Config/show_running-config", "show running-config"); if (check_cisco_result(buf)) { if (preg(pattern:"ip http secure-server", multiline:TRUE, string:buf)) { flag = 1; } if (preg(pattern:"parameter-map[^\r\n]+TMS", multiline:TRUE, string:buf)) { flag = 1; } if (preg(pattern:"crypto signaling", multiline:TRUE, string:buf)) { flag = 1; } if (preg(pattern:"method tls", multiline:TRUE, string:buf)) { flag = 1; } } else if (cisco_needs_enable(buf)) { flag = 1; override = 1; } } } if (flag) { security_warning(port:0, extra:cisco_caveat(override)); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

Oval

accepted

2009-12-21T04:00:39.821-05:00

class

vulnerability

contributors

name Yuzheng Zhou
organization Hewlett-Packard
name Dragos Prisaca
organization Gideon Technologies, Inc.
name Thomas R. Jones
organization Maitreya Security

description

family

ios

oval:org.mitre.oval:def:5778

status

accepted

submitted

2008-05-26T11:06:36.000-04:00

title

RSA BSAFE Cyrpt-C and Cert-C Libraries ASN.1 Object Parsing DoS Vulnerability

version

Summary

Vulnerable Configurations

Nessus

Oval

References