Vulnerability in Bouncy Castle 1.0.2.4 (bc-fips-1.0.2.4.jar) on Siteminder Sharepoint Agent r12.8.x

Article ID: 410149

Products

CA Single Sign On Agents (SiteMinder) SITEMINDER

Issue/Introduction

A security scan may flag the following Bouncy Castle for Java file (bc-fips-1.0.2.4 or older) on Siteminder Sharepoint Agent r12.8.x:

<Install_Dir>/CA/Agent-for-SharePoint/agentframework/java/bc-fips-1.0.2.4.jar
<Install_Dir>/CA/Agent-for-SharePoint/Tomcat/webapps/affwebservices/WEB-INF/lib/bc-fips-1.0.2.4.jar
<Install_Dir>/CA/Agent-for-SharePoint/Tomcat/thirdparty/bc-fips-1.0.2.4.jar

Environment

PRODUCT: Symantec Siteminder

COMPONENT: Sharepoint Agent

VERSION: r12.8.7 & r12.8.8

OPERATING SYSTEM: Windows and Linux

Cause

CVE-2025-8885

DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcprov, bc-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java.

IMPACTED: Bouncy Castle for Java

BC 1.0 through 1.77
BC-FJA 1.0.0 through 1.0.2.5
BC-FJA 2.0.0 through 2.0.0

REMEDIATED:  Bouncy Castle for Java 1.0.2.6

Resolution

Upgrade Bouncy Castle for Java on the Siteminder Sharepoint Agent r12.8.x to Bouncy Castle 1.0.2.6.

1) Log on to the Siteminder Sharepoint Agent Server

2) Stop the Siteminder Sharepoint Agent

3) Back up the existing "bc-fips-1.0.2.4.jar" or older.

EXAMPLE:

# cd <Install_Dir>/CA/Agent-for-SharePoint/agentframework/java/
# mv bc-fips-1.0.2.4.jar bc-fips-1.0.2.4.jar.BAK

# cd <Install_Dir>/CA/Agent-for-SharePoint/Tomcat/webapps/affwebservices/WEB-INF/lib/
# mv bc-fips-1.0.2.4.jar bc-fips-1.0.2.4.jar.BAK

# cd <Install_Dir>/CA/Agent-for-SharePoint/Tomcat/thirdparty/
# mv bc-fips-1.0.2.4.jar bc-fips-1.0.2.4.jar.BAK

4) Copy 'bc-fips-1.0.2.6.jar' from this KB to the Siteminder Sharepoint Agent Server.

5) Place the updated 'bc-fips-1.0.2.6.jar' in the following directories:

<Install_Dir>/CA/secure-proxy/agentframework/java/bc-fips-1.0.2.6.jar
<Install_Dir>/CA/secure-proxy/Tomcat/webapps/affwebservices/WEB-INF/lib/bc-fips-1.0.2.6.jar
<Install_Dir>/CA/secure-proxy/Tomcat/thirdparty/bc-fips-1.0.2.6.jar
<Install_Dir>/CA/secure-proxy/Tomcat/federation_apps/sts/webapps/WEB-INF/lib/bc-fips-1.0.2.6.jar

6) Start the Siteminder Sharepoint Agent Server and verify functionality

7) Delete the following files

<Install_Dir>/CA/Agent-for-SharePoint/agentframework/java/bc-fips-1.0.2.4.jar.BAK
<Install_Dir>/CA/Agent-for-SharePoint/Tomcat/webapps/affwebservices/WEB-INF/lib/bc-fips-1.0.2.4.jar.BAK
<Install_Dir>/CA/Agent-for-SharePoint/Tomcat/thirdparty/bc-fips-1.0.2.4.jar.BAK
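
A check to run after step 7, as an added example (not part of the original KB or any vendor tooling): it lists every bc-fips jar left under a directory, including .BAK copies, and marks versions inside the BC-FJA ranges from the IMPACTED list above. The function names are hypothetical, and it assumes the version in the file name is accurate.

```shell
#!/bin/sh
# Added example: inventory bc-fips jars and flag affected BC-FJA versions.
# Ranges come from this article: 1.0.0 through 1.0.2.5, and 2.0.0.
# Assumption: the jar's file name reflects its real version.

# ver_lt A B: succeed when dotted version A is numerically lower than B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# bcfips_status VERSION: print AFFECTED or OK for a BC-FJA version string.
bcfips_status() {
    if [ "$1" = "2.0.0" ] || { ! ver_lt "$1" 1.0.0 && ver_lt "$1" 1.0.2.6; }; then
        echo AFFECTED
    else
        echo OK
    fi
}

# scan_bcfips DIR: one line per jar found: status, version, path.
# The pattern also matches renamed backups such as bc-fips-1.0.2.4.jar.BAK,
# so leftover copies from step 3 show up until step 7 is done.
scan_bcfips() {
    find "$1" -type f -name 'bc-fips-*.jar*' | sort | while IFS= read -r f; do
        v=$(basename "$f" | sed -n 's/^bc-fips-\([0-9][0-9.]*[0-9]\)\.jar.*$/\1/p')
        [ -n "$v" ] || continue
        printf '%s\t%s\t%s\n' "$(bcfips_status "$v")" "$v" "$f"
    done
}

# Usage: sh check_bcfips.sh <Install_Dir>/CA
if [ "$#" -gt 0 ]; then
    scan_bcfips "$1"
fi
```

Any line starting with AFFECTED after the upgrade points to a directory that still holds an old jar or its backup.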

Additional Information