Novell is now a part of Micro Focus

My Favorites

Close

Please to see your favorites.

Security Vulnerability: RSA BSAFE Libraries denial of service

This document (3590033) is provided subject to the disclaimer at the end of this document.

Environment

Novell NetWare 6.5
Novell eDirectory 8.8 SP2
Novell International Cryptographic Infrastructure (NICI) versions prior to 2.7.2 on all platforms

Situation

A remote, unauthenticated attacker may be able to create a denial-of-service condition.

Resolution

NICI version 2.7.2 incorporates the updated RSA BSAFE Crypto-C and Cert-C libraries that contain the fix for this vulnerability.

NICI version 2.7.2 is available in Security Services Pack 2.0.4 or newer which can be downloaded from http://dl.netiq.com

Status

Security Alert

Additional Information

US-Cert VU#754281   http://www.kb.cert.org/vuls/id/754281

CVE-2006-3894  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3894

References:
http://www.rsa.com/node.aspx?id=1204
http://secunia.com/advisories/25364

Thanks to Cisco Systems for reporting this vulnerability to Cert.org

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:3590033
  • Creation Date:30-MAY-07
  • Modified Date:14-FEB-17
    • NovellNetWare

Did this document solve your problem? Provide Feedback