Sign-up

ID

VAR-201403-0549


CVE

CVE-2014-0628


TITLE

EMC RSA BSAFE Micro Edition Suite Service disruption in the server (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-001797

DESCRIPTION

The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. RSA BSAFE Micro Edition Suite (MES) is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause the application to crash, denying service to legitimate users. RSA BSAFE Micro Edition Suite (MES) prior 4.0.5 are vulnerable. The toolkit helps developers achieve stable and secure application design. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-011: RSA BSAFE\xae Micro Edition Suite Server Crash Vulnerability EMC Identifier: ESA-2014-011 CVE Identifier: CVE-2014-0628 Severity Rating: CVSS v2 Base Score: 5.4 (AV:N/AC:H/Au:N/C:N/I:N/A:C) Affected Products: RSA BSAFE Micro Edition Suite (MES) all 4.0.x versions prior to 4.0.5 Unaffected Products: RSA BSAFE MES all 3.2.x versions Summary: RSA BSAFE MES 4.0.5 contains fix for a security vulnerability that could potentially be exploited by malicious users to deny access to the affected system. Details: This vulnerability may cause unpredictable application behavior resulting in a server crash due to faulty certificate chain processing logic. Recommendation: RSA recommends all customers upgrade to RSA BSAFE MES 4.0.5 at their earliest opportunity. Obtaining Downloads: To request your upgrade of the software, please call your local support telephone number (contact phone numbers are available at http://www.emc.com/support/rsa/contact/phone-numbers.htm) for most expedient service. Obtaining Documentation: To obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link. Severity Rating: For an explanation of Severity Ratings, refer to the Knowledge Base Article, \x93Security Advisories Severity Rating\x94 at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. Obtaining More Information: For more information about RSA products, visit the RSA web site at http://www.rsa.com. Getting Support and Service: For customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab. General Customer Support Information: http://www.emc.com/support/rsa/index.htm RSA SecurCare Online: https://knowledge.rsasecurity.com EOPS Policy: RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details. http://www.emc.com/support/rsa/eops/index.htm SecurCare Online Security Advisories RSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. About RSA SecurCare Notes & Security Advisories Subscription RSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you\x92d like to stop receiving RSA SecurCare Notes & Security Advisories, or if you\x92d like to change which RSA product family Notes & Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes & Security Advisories you no longer want to receive. Click the Submit button to save your selection. Sincerely, RSA Customer Support -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (Cygwin) iEYEARECAAYFAlMwP3kACgkQtjd2rKp+ALyJqgCffAZrlwRKpelw7DBIJI4wiMyb d1IAoKKSaOrpCcHKhrcuZQRyIqi8Mzk7 =Tb8D -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2014-0628 // JVNDB: JVNDB-2014-001797 // BID: 66388 // VULHUB: VHN-68121 // PACKETSTORM: 125840

AFFECTED PRODUCTS

vendor:dellmodel:bsafe micro-edition-suitescope:eqversion:4.0.2

Trust: 1.0

vendor:dellmodel:bsafe micro-edition-suitescope:eqversion:4.0.3

Trust: 1.0

vendor:dellmodel:bsafe micro-edition-suitescope:eqversion:4.0.1

Trust: 1.0

vendor:dellmodel:bsafe micro-edition-suitescope:eqversion:4.0.4

Trust: 1.0

vendor:dellmodel:bsafe micro-edition-suitescope:eqversion:4.0.0

Trust: 1.0

vendor:dell emc old emcmodel:rsa bsafescope:ltversion:4.0.x

Trust: 0.8

vendor:hitachimodel:ucosminexus service platformscope:eqversion:(64)

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:(64)

Trust: 0.8

vendor:hitachimodel:ucosminexus primary serverscope:eqversion:base

Trust: 0.8

vendor:hitachimodel:ucosminexus primary serverscope:eqversion:base(64)

Trust: 0.8

vendor:hitachimodel:ucosminexus service platformscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus http serverscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:-r

Trust: 0.8

vendor:dell emc old emcmodel:rsa bsafescope:eqversion:micro edition suite 4.0.5

Trust: 0.8

vendor:hitachimodel:ucosminexus service architectscope: - version: -

Trust: 0.8

vendor:emcmodel:rsa bsafescope:eqversion:4.0.3

Trust: 0.6

vendor:emcmodel:rsa bsafescope:eqversion:4.0.4

Trust: 0.6

vendor:emcmodel:rsa bsafescope:eqversion:4.0.2

Trust: 0.6

vendor:emcmodel:rsa bsafescope:eqversion:4.0.1

Trust: 0.6

vendor:emcmodel:rsa bsafescope:eqversion:4.0.0

Trust: 0.6

sources: JVNDB: JVNDB-2014-001797 // CNNVD: CNNVD-201403-435 // NVD: CVE-2014-0628

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0628
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0628
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201403-435
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68121
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0628
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-68121
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-68121 // JVNDB: JVNDB-2014-001797 // CNNVD: CNNVD-201403-435 // NVD: CVE-2014-0628

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-68121 // JVNDB: JVNDB-2014-001797 // NVD: CVE-2014-0628

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-435

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201403-435

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001797

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-68121

PATCH
title:RSA BSAFE Micro Edition Suiteurl:http://japan.emc.com/security/rsa-bsafe/rsa-bsafe-micro-edtion-suite.htm
Trust: 0.8
title:HS14-012url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-012/index.html
Trust: 0.8
title:HS14-012url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-012/index.html
Trust: 0.8
title:EMC RSA BSAFE Micro Edition Suite Remediation measures for denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172322
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2014-001797 // 
            
            
            
            CNNVD: CNNVD-201403-435

EXTERNAL IDS
db:NVDid:CVE-2014-0628
Trust: 2.9
db:JVNDBid:JVNDB-2014-001797
Trust: 0.8
db:CNNVDid:CNNVD-201403-435
Trust: 0.7
db:BIDid:66388
Trust: 0.4
db:PACKETSTORMid:125840
Trust: 0.2
db:VULHUBid:VHN-68121
Trust: 0.1
sources:
            
            
            VULHUB: VHN-68121 // 
            
            
            
            BID: 66388 // 
            
            
            
            JVNDB: JVNDB-2014-001797 // 
            
            
            
            PACKETSTORM: 125840 // 
            
            
            
            CNNVD: CNNVD-201403-435 // 
            
            
            
            NVD: CVE-2014-0628

REFERENCES
url:http://archives.neohapsis.com/archives/bugtraq/2014-03/0130.html
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0628
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0628
Trust: 0.8
url:http://archives.neohapsis.com/archives/bugtraq/2014-03/att-0130/esa-2014-011.txt
Trust: 0.8
url:http://www.emc.com/support/rsa/contact/phone-numbers.htm)
Trust: 0.1
url:https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.
Trust: 0.1
url:http://www.emc.com/support/rsa/eops/index.htm
Trust: 0.1
url:http://www.rsa.com.
Trust: 0.1
url:https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3.
Trust: 0.1
url:https://knowledge.rsasecurity.com
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-0628
Trust: 0.1
url:http://www.emc.com/support/rsa/index.htm
Trust: 0.1
url:https://knowledge.rsasecurity.com,
Trust: 0.1
sources:
            
            
            VULHUB: VHN-68121 // 
            
            
            
            JVNDB: JVNDB-2014-001797 // 
            
            
            
            PACKETSTORM: 125840 // 
            
            
            
            CNNVD: CNNVD-201403-435 // 
            
            
            
            NVD: CVE-2014-0628

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 66388

SOURCES
db:VULHUBid:VHN-68121
db:BIDid:66388
db:JVNDBid:JVNDB-2014-001797
db:PACKETSTORMid:125840
db:CNNVDid:CNNVD-201403-435
db:NVDid:CVE-2014-0628

LAST UPDATE DATE
2024-11-23T22:23:06.856000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-68121date:2021-12-09T00:00:00
db:BIDid:66388date:2015-01-12T00:03:00
db:JVNDBid:JVNDB-2014-001797date:2014-05-16T00:00:00
db:CNNVDid:CNNVD-201403-435date:2021-12-01T00:00:00
db:NVDid:CVE-2014-0628date:2024-11-21T02:02:31.723

SOURCES RELEASE DATE
db:VULHUBid:VHN-68121date:2014-03-25T00:00:00
db:BIDid:66388date:2014-03-24T00:00:00
db:JVNDBid:JVNDB-2014-001797date:2014-03-27T00:00:00
db:PACKETSTORMid:125840date:2014-03-24T19:22:22
db:CNNVDid:CNNVD-201403-435date:2014-03-26T00:00:00
db:NVDid:CVE-2014-0628date:2014-03-25T13:25:38.210