Security Vulnerability: RSA BSAFE Libraries denial of service

  • 3590033
  • 30-May-2007
  • 14-Feb-2017

Environment

Novell NetWare 6.5
Novell eDirectory 8.8 SP2
Novell International Cryptographic Infrastructure (NICI) versions prior to 2.7.2 on all platforms

Situation

A remote, unauthenticated attacker may be able to create a denial-of-service condition.

Resolution

NICI version 2.7.2 incorporates the updated RSA BSAFE Crypto-C and Cert-C libraries that contain the fix for this vulnerability.

NICI version 2.7.2 is available in Security Services Pack 2.0.4 or newer, which can be downloaded from https://dl.netiq.com

Status

Security Alert

Additional Information

US-CERT VU#754281: http://www.kb.cert.org/vuls/id/754281

CVE-2006-3894: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3894

References:
http://www.rsa.com/node.aspx?id=1204
http://secunia.com/advisories/25364

Thanks to Cisco Systems for reporting this vulnerability to Cert.org.