AvengertSSV:89264Multiple EMC RSA Products ESA-2015-081 Multiple Security Vulnerabilities
0.006 Low
EPSS
Percentile
75.4%
受影响的产品:
RSA BSAFE Micro Edition Suite (MES) all 4.1.x versions prior to 4.1.3
RSA BSAFE Micro Edition Suite (MES) all 4.0.x versions prior to 4.0.8
RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) 4.1
RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) all versions prior to 4.0.4
RSA BSAFE Crypto-J all versions prior to 6.2
RSA BSAFE SSL-J all versions prior to 6.2
RSA BSAFE SSL-C all versions including 2.8.9
未受影响的产品:
RSA BSAFE Micro Edition Suite (MES) 4.1.3
RSA BSAFE Micro Edition Suite (MES) 4.0.8
RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) 4.0.4
RSA BSAFE Crypto-J 6.2
RSA BSAFE SSL-J 6.2
漏洞原因:Base64解码实现的整数下溢
在RSA BSAFE MES,Crypto-C ME和SSL-C中的Base64解码实现时的整数下溢可能允许远程攻击者通过分段报错导致内存意外损坏(类似于CVE-2015-导致拒绝服务0292)。
CVSS V2基本评分:7.5(AV:N / AC:L /金:N / C:P / I:P / A:P)
注:影响MES,上面列出的Crypto-C ME和SSL-C版本。
建议:
RSA BSAFE Micro Edition Suite (MES) 4.0.8 and 4.1.3 修复了 CVE-2015-0533, CVE-2015-0534, CVE-2015-0535, CVE-2015-0536, CVE-2015-0537
RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) 4.0.4 修复了 CVE-2015-0537.
RSA BSAFE Crypto-J 6.2 修复了 CVE-2015-0534
RSA BSAFE SSL-J 6.2 修复了 CVE-2015-0534
RSA建议所有客户升级到尽早上面列出的版本。
Related
