May 2007
Cisco Security Advisory: Vulnerability In Crypto Library
Advisory ID: cisco-sa-20070522-crypto
ID: 137
Ref: 079/2007
Date: 22 May 2007:14:57:55
Version: 1
Title: Cisco Security Advisory: Vulnerability In Crypto Library (Advisory ID: cisco-sa-20070522-crypto)
Abstract: A vulnerability has been discovered in a third-party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed.
Vendors affected: Cisco
Operating systems affected: Cisco
The CPNI Vulnerability Team has been made aware of vulnerabilities in the RSA BSAFE Crypto-C and Cert-C libraries. More information is available from the Cisco website at:
http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml
This issue has been tracked by CPNI, CERT/CC and JPCERT/CC using the following reference numbers, which should be quoted in any correspondence:
CVE: CVE-2006-3894
CPNI: 362917
CERT/CC: VU#754281
JPCERT/CC: JVNVU#754281
We would like to thank Cisco for bringing this to our attention and our partner CERTs for their cooperation. Questions can be directed to vulteam@cpni.gov.uk.
--------------------
CPNI Vulnerability Team