CVE-2015-0537 - Integer Underflow (Wrap or Wraparound) vulnerability in Dell Bsafe, Bsafe Crypto-C and Bsafe Ssl-C
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to cause a denial of service (memory corruption or segmentation fault) or possibly have unspecified other impact via crafted base64 data, a similar issue to CVE-2015-0292.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 15 |
Common Weakness Enumeration (CWE)
Seebug
bulletinFamily | exploit |
description | Affected products: RSA BSAFE Micro Edition Suite (MES) all 4.1.x versions prior to 4.1.3; RSA BSAFE Micro Edition Suite (MES) all 4.0.x versions prior to 4.0.8; RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) 4.1; RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) all versions prior to 4.0.4; RSA BSAFE Crypto-J all versions prior to 6.2; RSA BSAFE SSL-J all versions prior to 6.2; RSA BSAFE SSL-C all versions including 2.8.9. Unaffected products: RSA BSAFE Micro Edition Suite (MES) 4.1.3; RSA BSAFE Micro Edition Suite (MES) 4.0.8; RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) 4.0.4; RSA BSAFE Crypto-J 6.2; RSA BSAFE SSL-J 6.2. Cause: integer underflow in the Base64 decoding implementation. An integer underflow in the Base64 decoding implementation in RSA BSAFE MES, Crypto-C ME and SSL-C may allow remote attackers to cause unexpected memory corruption via a segmentation fault, resulting in denial of service (similar to CVE-2015-0292). CVSS v2 base score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P). Note: affects the MES, Crypto-C ME and SSL-C versions listed above. Recommendation: RSA BSAFE Micro Edition Suite (MES) 4.0.8 and 4.1.3 fix CVE-2015-0533, CVE-2015-0534, CVE-2015-0535, CVE-2015-0536, CVE-2015-0537. RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) 4.0.4 fixes CVE-2015-0537. RSA BSAFE Crypto-J 6.2 fixes CVE-2015-0534. RSA BSAFE SSL-J 6.2 fixes CVE-2015-0534. RSA recommends that all customers upgrade to the versions listed above as soon as possible. |
id | SSV:89264 |
last seen | 2017-11-19 |
modified | 2015-08-31 |
published | 2015-08-31 |
reporter | avengert |
title | Multiple EMC RSA Products ESA-2015-081 Multiple Security Vulnerabilities |