RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code
RSA BSAFE SSL-C prior to 2.8.6
RSA BSAFE SSL-C Multiple Vulnerabilities
EMC has acknowledged a weakness and a vulnerability in RSA BSAFE SSL-C, which can be exploited by malicious people to disclose sensitive information, hijack a user's session, and potentially compromise an application that links the library.
A remote user able to conduct a man-in-the-middle attack can decrypt SSL/TLS sessions that negotiate a CBC cipher suite under SSL 3.0 or TLS 1.0 [CVE-2011-3389, the BEAST attack].
A remote user can send specially crafted DER-encoded data to a target application that uses BSAFE SSL-C to trigger a heap overflow in the asn1_d2i_read_bio() function and potentially execute arbitrary code on the target system [CVE-2012-2110, CVE-2012-2131; the second identifier covers an incomplete initial fix for the same function]. The code will run with the privileges of the target application.
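The following is an added illustration, not code from BSAFE SSL-C or from the vendor's fix: a minimal DER tag-length header reader that shows the kind of check a parser such as asn1_d2i_read_bio() must make before it trusts a length field. The names (der_read_header, der_header, the check_* helpers) and the sample inputs are constructed for this example; the crafted input claims a 0xffffffff-byte SEQUENCE while only three bytes actually follow the header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decoded DER tag-length header (hypothetical type for this example). */
typedef struct {
    uint8_t tag;
    size_t header_len;   /* bytes consumed by tag + length octets */
    size_t content_len;  /* declared length of the contents */
} der_header;

/*
 * Decode a DER tag and length from buf[0..len).
 * Returns 1 on success, 0 if the header is malformed or if the declared
 * content length is not fully present in the buffer. The declared length
 * is never used for allocation or copying until it has been validated.
 */
int der_read_header(const uint8_t *buf, size_t len, der_header *out)
{
    size_t pos = 0;
    size_t content;

    if (buf == NULL || out == NULL || len < 2)
        return 0;

    out->tag = buf[pos++];
    if ((out->tag & 0x1f) == 0x1f)
        return 0;                       /* high-tag-number form not handled here */

    uint8_t first = buf[pos++];
    if (first < 0x80) {
        content = first;                /* short form: one byte holds the length */
    } else if (first == 0x80) {
        return 0;                       /* indefinite length is BER, not DER */
    } else {
        size_t nbytes = first & 0x7f;   /* long form: number of length octets */
        if (nbytes == 0 || nbytes > sizeof(size_t))
            return 0;                   /* length cannot be represented */
        if (nbytes > len - pos)
            return 0;                   /* length octets run off the buffer */
        size_t len_start = pos;
        content = 0;
        for (size_t i = 0; i < nbytes; i++) {
            if (content > (SIZE_MAX >> 8))
                return 0;               /* accumulator would wrap around */
            content = (content << 8) | buf[pos++];
        }
        /* DER minimal encoding: long form only for >= 0x80, no leading zero octet */
        if (content < 0x80 || buf[len_start] == 0x00)
            return 0;
    }

    /* The decisive check: the declared contents must fit in the bytes we hold. */
    if (content > len - pos)
        return 0;

    out->header_len = pos;
    out->content_len = content;
    return 1;
}

/* Constructed malformed input: SEQUENCE, long-form length 0xffffffff, 3 bytes of data. */
static const uint8_t crafted[] = { 0x30, 0x84, 0xff, 0xff, 0xff, 0xff, 0x02, 0x01, 0x01 };
/* Constructed well-formed input: SEQUENCE { INTEGER 1 } */
static const uint8_t good[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };

/* Returns 1 if the parser accepted the crafted header (it must not), else 0. */
int check_crafted(void)
{
    der_header h;
    return der_read_header(crafted, sizeof crafted, &h);
}

/* Returns the declared content length of the good input, or -1 on rejection. */
int check_good(void)
{
    der_header h;
    if (!der_read_header(good, sizeof good, &h))
        return -1;
    return (int)h.content_len;
}

/* Builds OCTET STRING with long-form length 0x81 0x80 and `avail` bytes visible.
 * Returns 1 if accepted with the expected lengths, 0 if rejected. */
int check_long_form(size_t avail)
{
    uint8_t buf[3 + 128];
    der_header h;
    memset(buf, 0, sizeof buf);
    buf[0] = 0x04; buf[1] = 0x81; buf[2] = 0x80;
    if (avail > sizeof buf) avail = sizeof buf;
    if (!der_read_header(buf, avail, &h))
        return 0;
    return h.header_len == 3 && h.content_len == 128;
}

int main(void)
{
    printf("crafted accepted: %d (expect 0)\n", check_crafted());
    printf("good content_len: %d (expect 3)\n", check_good());
    printf("complete long form: %d (expect 1)\n", check_long_form(131));
    printf("truncated long form: %d (expect 0)\n", check_long_form(100));
    return 0;
}
```

The point of the example is the order of operations: the length is fully decoded and compared against the bytes actually available before anything is allocated or copied, so a field claiming more data than exists is rejected rather than used as an allocation or copy size.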
In summary, a man-in-the-middle attacker can decrypt SSL/TLS sessions, and a remote user can execute arbitrary code with the privileges of the application that uses the library.
The vendor has issued a fix (BSAFE SSL-C 2.8.6).