-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2012-0031

Title: RSA SecurID Software Token Converter buffer overflow vulnerability

Version history:
07.03.2012 Initial publication

Summary
=======

CVE-2012-0397 Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.[1][2]

CVSS v2 Base Score: 7.6 (High) (AV:N/AC:H/Au:N/C:C/I:C/A:C)[4]

Affected Versions
=================

All versions of RSA SecurID Software Token Converter before 2.6.1.

Platforms:
Microsoft Windows
Linux

What can you do?
================

RSA strongly recommends that all customers using RSA SecurID Software Token Converter upgrade to version 2.6.1.[3]

What to tell your users?
========================

Not applicable.

References
==========

[1] http://www.securityfocus.com/archive/1/521885
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0397
[3] http://www.rsa.com
[4] Information about CVSS: http://www.first.org/cvss/cvss-guide.html

Best regards,
CERT-EU.

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

(DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out in best effort manner, and to contact information currently known to us. We apologise if you are not the correct recipient, or if you had already been warned about this issue from another source. Format, content and way of alerting are subject to change in the future. Contact information or even the team name may change as well.)