OpenCVE

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:H/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Bsafe Crypto-c-micro-edition Bsafe Crypto-j Bsafe Micro-edition-suite Bsafe Ssl-c Bsafe Ssl-j

Configuration 1 [-]

OR	cpe:2.3:a:dell:bsafe_crypto-c-micro-edition::::::::
	cpe:2.3:a:dell:bsafe_crypto-c-micro-edition::::::::
	cpe:2.3:a:dell:bsafe_crypto-j::::::::
	cpe:2.3:a:dell:bsafe_micro-edition-suite::::::::
	cpe:2.3:a:dell:bsafe_micro-edition-suite::::::::
	cpe:2.3:a:dell:bsafe_ssl-c::::::::
	cpe:2.3:a:dell:bsafe_ssl-j::::::::

No data.

References

Link	Providers
http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html
http://seclists.org/bugtraq/2016/Apr/66
http://www.securityfocus.com/archive/1/538055/100/0/threaded
http://www.securitytracker.com/id/1035515
http://www.securitytracker.com/id/1035516
http://www.securitytracker.com/id/1035517

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2016-04-12T23:00:00

Updated: 2024-08-05T22:38:39.964Z

Reserved: 2015-12-17T00:00:00

Link: CVE-2016-0887

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2016-04-12T23:59:31.413

Modified: 2021-12-09T18:31:28.913

Link: CVE-2016-0887

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-04-11T00:00:00", "descriptions": [{"lang": "en", "value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "20160411 ESA-2016-013: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra's Attack Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://seclists.org/bugtraq/2016/Apr/66"}, {"name": "1035515", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035515"}, {"name": "20160411 ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra?s Attack Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/538055/100/0/threaded"}, {"name": "1035516", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035516"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html"}, {"name": "1035517", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035517"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2016-0887", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20160411 ESA-2016-013: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra's Attack Vulnerability", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2016/Apr/66"}, {"name": "1035515", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035515"}, {"name": "20160411 ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra?s Attack Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/538055/100/0/threaded"}, {"name": "1035516", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035516"}, {"name": "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html"}, {"name": "1035517", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035517"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:38:39.964Z"}, "title": "CVE Program Container", "references": [{"name": "20160411 ESA-2016-013: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra's Attack Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://seclists.org/bugtraq/2016/Apr/66"}, {"name": "1035515", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1035515"}, {"name": "20160411 ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra?s Attack Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/538055/100/0/threaded"}, {"name": "1035516", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1035516"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html"}, {"name": "1035517", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1035517"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2016-0887", "datePublished": "2016-04-12T23:00:00", "dateReserved": "2015-12-17T00:00:00", "dateUpdated": "2024-08-05T22:38:39.964Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", "matchCriteriaId": "673ED099-C778-4E51-89C4-369490646348", "versionEndIncluding": "4.0.5.3", "versionStartIncluding": "4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", "matchCriteriaId": "42D145F5-46EA-4198-BD59-BB296461324E", "versionEndIncluding": "4.1.2", "versionStartIncluding": "4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*", "matchCriteriaId": "44D1B34C-998E-46E6-B7CF-EE28C8E5FBC8", "versionEndExcluding": "6.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "5456BD00-766C-4868-9BA5-C8E82B353808", "versionEndIncluding": "4.0.11", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "261B4766-7CD0-47F8-997E-706129AA0A5E", "versionEndExcluding": "4.1.5", "versionStartIncluding": "4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:bsafe_ssl-c:*:*:*:*:*:*:*:*", "matchCriteriaId": "03175755-5E21-4B3A-A329-9F1804CF98CF", "versionEndExcluding": "2.8.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*", "matchCriteriaId": "36CE780D-E392-4543-A531-F6740823C53D", "versionEndExcluding": "6.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session."}, {"lang": "es", "value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x y 4.1.x en versiones anteriores a 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x y 4.1.x en versiones anteriores a 4.1.3, RSA BSAFE Crypto-J en versiones anteriores a 6.2.1, RSA BSAFE SSL-J en versiones anteriores a 6.2.1 y RSA BSAFE SSL-C en versiones anteriores a 2.8.9 permiten a atacantes remotos descubrir un factor primo de clave privada llevando a cabo un ataque Lenstra de canal lateral que aprovecha el fallo de una aplicaci\u00f3n para detectar un fallo de firma RSA durante una sesi\u00f3n TLS."}], "id": "CVE-2016-0887", "lastModified": "2021-12-09T18:31:28.913", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-04-12T23:59:31.413", "references": [{"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html"}, {"source": "security_alert@emc.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/bugtraq/2016/Apr/66"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/538055/100/0/threaded"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1035515"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1035516"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1035517"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}