CVE-2015-0536 - Unspecified vulnerability in Dell Bsafe and Bsafe Ssl-C

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH

Summary

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allow remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero, a similar issue to CVE-2015-1787.

Seebug

bulletinFamily: exploit
description:
  Affected products:
    RSA BSAFE Micro Edition Suite (MES) all 4.1.x versions prior to 4.1.3
    RSA BSAFE Micro Edition Suite (MES) all 4.0.x versions prior to 4.0.8
    RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) 4.1
    RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) all versions prior to 4.0.4
    RSA BSAFE Crypto-J all versions prior to 6.2
    RSA BSAFE SSL-J all versions prior to 6.2
    RSA BSAFE SSL-C all versions including 2.8.9
  Unaffected products:
    RSA BSAFE Micro Edition Suite (MES) 4.1.3
    RSA BSAFE Micro Edition Suite (MES) 4.0.8
    RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) 4.0.4
    RSA BSAFE Crypto-J 6.2
    RSA BSAFE SSL-J 6.2
  Vulnerability cause: integer underflow in the Base64 decoding implementation.
    An integer underflow in the Base64 decoding implementation in RSA BSAFE MES, Crypto-C ME and SSL-C may allow remote attackers to cause unexpected memory corruption through a segmentation fault, leading to denial of service (similar to CVE-2015-0292).
    CVSS V2 base score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Note: affects the MES, Crypto-C ME and SSL-C versions listed above.
  Recommendation:
    RSA BSAFE Micro Edition Suite (MES) 4.0.8 and 4.1.3 fix CVE-2015-0533, CVE-2015-0534, CVE-2015-0535, CVE-2015-0536, CVE-2015-0537.
    RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) 4.0.4 fixes CVE-2015-0537.
    RSA BSAFE Crypto-J 6.2 fixes CVE-2015-0534.
    RSA BSAFE SSL-J 6.2 fixes CVE-2015-0534.
    RSA recommends that all customers upgrade to the versions listed above at the earliest opportunity.
id: SSV:89264
last seen: 2017-11-19
modified: 2015-08-31
published: 2015-08-31
reporter: avengert
title: Multiple EMC RSA Products ESA-2015-081 Multiple Security Vulnerabilities