Vulnerabilites related to opensc-project - opensc
CVE-2008-2235 (GCVE-0-2008-2235)
Vulnerability from cvelistv5
Published
2008-08-01 14:00
Modified
2024-08-07 08:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:58.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30473",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30473"
},
{
"name": "31330",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31330"
},
{
"name": "34362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34362"
},
{
"name": "MDVSA-2008:183",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:183"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opensc-project.org/security.html"
},
{
"name": "33115",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33115"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "31360",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31360"
},
{
"name": "FEDORA-2009-2267",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html"
},
{
"name": "DSA-1627",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2008/dsa-1627"
},
{
"name": "[opensc-announce] 20080731 OpenSC Security Vulnerability and new Versions of OpenSC, OpenCT, LibP11, Pam_P11, Engine_PKCS11",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html"
},
{
"name": "32099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32099"
},
{
"name": "SUSE-SR:2008:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
},
{
"name": "GLSA-200812-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-09.xml"
},
{
"name": "opensc-smartcard-cryptotoken-weak-security(44140)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30473",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30473"
},
{
"name": "31330",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31330"
},
{
"name": "34362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34362"
},
{
"name": "MDVSA-2008:183",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:183"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opensc-project.org/security.html"
},
{
"name": "33115",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33115"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "31360",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31360"
},
{
"name": "FEDORA-2009-2267",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html"
},
{
"name": "DSA-1627",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2008/dsa-1627"
},
{
"name": "[opensc-announce] 20080731 OpenSC Security Vulnerability and new Versions of OpenSC, OpenCT, LibP11, Pam_P11, Engine_PKCS11",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html"
},
{
"name": "32099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32099"
},
{
"name": "SUSE-SR:2008:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
},
{
"name": "GLSA-200812-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-09.xml"
},
{
"name": "opensc-smartcard-cryptotoken-weak-security(44140)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30473",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30473"
},
{
"name": "31330",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31330"
},
{
"name": "34362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34362"
},
{
"name": "MDVSA-2008:183",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:183"
},
{
"name": "http://www.opensc-project.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.opensc-project.org/security.html"
},
{
"name": "33115",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33115"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "31360",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31360"
},
{
"name": "FEDORA-2009-2267",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html"
},
{
"name": "DSA-1627",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2008/dsa-1627"
},
{
"name": "[opensc-announce] 20080731 OpenSC Security Vulnerability and new Versions of OpenSC, OpenCT, LibP11, Pam_P11, Engine_PKCS11",
"refsource": "MLIST",
"url": "http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html"
},
{
"name": "32099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32099"
},
{
"name": "SUSE-SR:2008:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
},
{
"name": "GLSA-200812-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-09.xml"
},
{
"name": "opensc-smartcard-cryptotoken-weak-security(44140)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2235",
"datePublished": "2008-08-01T14:00:00",
"dateReserved": "2008-05-16T00:00:00",
"dateUpdated": "2024-08-07T08:49:58.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0368 (GCVE-0-2009-0368)
Vulnerability from cvelistv5
Published
2009-03-02 22:00
Modified
2024-08-07 04:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:31:26.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34120",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34120"
},
{
"name": "33922",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33922"
},
{
"name": "opensc-pkcs-unauth-access(48958)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48958"
},
{
"name": "34362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34362"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "FEDORA-2009-2266",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00673.html"
},
{
"name": "[oss-security] 20090226 OpenSC Security Advisory",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2009/02/26/1"
},
{
"name": "DSA-1734",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1734"
},
{
"name": "34377",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34377"
},
{
"name": "36074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36074"
},
{
"name": "FEDORA-2009-2267",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "34052",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34052"
},
{
"name": "[opensc-announce] 20090226 OpenSC Security Advisory",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.opensc-project.org/pipermail/opensc-announce/2009-February/000023.html"
},
{
"name": "GLSA-200908-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200908-01.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34120",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34120"
},
{
"name": "33922",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33922"
},
{
"name": "opensc-pkcs-unauth-access(48958)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48958"
},
{
"name": "34362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34362"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "FEDORA-2009-2266",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00673.html"
},
{
"name": "[oss-security] 20090226 OpenSC Security Advisory",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2009/02/26/1"
},
{
"name": "DSA-1734",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1734"
},
{
"name": "34377",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34377"
},
{
"name": "36074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36074"
},
{
"name": "FEDORA-2009-2267",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "34052",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34052"
},
{
"name": "[opensc-announce] 20090226 OpenSC Security Advisory",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.opensc-project.org/pipermail/opensc-announce/2009-February/000023.html"
},
{
"name": "GLSA-200908-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200908-01.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34120",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34120"
},
{
"name": "33922",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33922"
},
{
"name": "opensc-pkcs-unauth-access(48958)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48958"
},
{
"name": "34362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34362"
},
{
"name": "35065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35065"
},
{
"name": "FEDORA-2009-2266",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00673.html"
},
{
"name": "[oss-security] 20090226 OpenSC Security Advisory",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/02/26/1"
},
{
"name": "DSA-1734",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1734"
},
{
"name": "34377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34377"
},
{
"name": "36074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36074"
},
{
"name": "FEDORA-2009-2267",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html"
},
{
"name": "SUSE-SR:2009:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "34052",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34052"
},
{
"name": "[opensc-announce] 20090226 OpenSC Security Advisory",
"refsource": "MLIST",
"url": "http://www.opensc-project.org/pipermail/opensc-announce/2009-February/000023.html"
},
{
"name": "GLSA-200908-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200908-01.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0368",
"datePublished": "2009-03-02T22:00:00",
"dateReserved": "2009-01-29T00:00:00",
"dateUpdated": "2024-08-07T04:31:26.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1603 (GCVE-0-2009-1603)
Vulnerability from cvelistv5
Published
2009-05-11 16:00
Modified
2024-08-07 05:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:34.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1295",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1295"
},
{
"name": "35293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35293"
},
{
"name": "FEDORA-2009-4919",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01420.html"
},
{
"name": "[oss-security] 20090508 OpenSC 0.11.8 released with security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/05/08/1"
},
{
"name": "FEDORA-2009-4967",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00097.html"
},
{
"name": "FEDORA-2009-4928",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00095.html"
},
{
"name": "36074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36074"
},
{
"name": "MDVSA-2009:123",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:123"
},
{
"name": "FEDORA-2009-4883",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01432.html"
},
{
"name": "35035",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35035"
},
{
"name": "[opensc-announce] 20090508 OpenSC 0.11.8 released with security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html"
},
{
"name": "GLSA-200908-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200908-01.xml"
},
{
"name": "35309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35309"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-05-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-1295",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1295"
},
{
"name": "35293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35293"
},
{
"name": "FEDORA-2009-4919",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01420.html"
},
{
"name": "[oss-security] 20090508 OpenSC 0.11.8 released with security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/05/08/1"
},
{
"name": "FEDORA-2009-4967",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00097.html"
},
{
"name": "FEDORA-2009-4928",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00095.html"
},
{
"name": "36074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36074"
},
{
"name": "MDVSA-2009:123",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:123"
},
{
"name": "FEDORA-2009-4883",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01432.html"
},
{
"name": "35035",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35035"
},
{
"name": "[opensc-announce] 20090508 OpenSC 0.11.8 released with security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html"
},
{
"name": "GLSA-200908-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200908-01.xml"
},
{
"name": "35309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35309"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1295",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1295"
},
{
"name": "35293",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35293"
},
{
"name": "FEDORA-2009-4919",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01420.html"
},
{
"name": "[oss-security] 20090508 OpenSC 0.11.8 released with security update",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/05/08/1"
},
{
"name": "FEDORA-2009-4967",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00097.html"
},
{
"name": "FEDORA-2009-4928",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00095.html"
},
{
"name": "36074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36074"
},
{
"name": "MDVSA-2009:123",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:123"
},
{
"name": "FEDORA-2009-4883",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01432.html"
},
{
"name": "35035",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35035"
},
{
"name": "[opensc-announce] 20090508 OpenSC 0.11.8 released with security update",
"refsource": "MLIST",
"url": "http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html"
},
{
"name": "GLSA-200908-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200908-01.xml"
},
{
"name": "35309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35309"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1603",
"datePublished": "2009-05-11T16:00:00",
"dateReserved": "2009-05-11T00:00:00",
"dateUpdated": "2024-08-07T05:20:34.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3972 (GCVE-0-2008-3972)
Vulnerability from cvelistv5
Published
2008-09-10 15:00
Modified
2024-08-07 10:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "opensc-pkcs15tool-weak-security(45045)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45045"
},
{
"name": "34362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34362"
},
{
"name": "FEDORA-2009-2267",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html"
},
{
"name": "[oss-security] 20080909 Re: opensc 0.11.6 with fixed security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/14"
},
{
"name": "[opensc-announce] 20080827 opensc 0.11.6 with fixed security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html"
},
{
"name": "32099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32099"
},
{
"name": "SUSE-SR:2008:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card\u0027s label matches the \"OpenSC\" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "opensc-pkcs15tool-weak-security(45045)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45045"
},
{
"name": "34362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34362"
},
{
"name": "FEDORA-2009-2267",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html"
},
{
"name": "[oss-security] 20080909 Re: opensc 0.11.6 with fixed security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/14"
},
{
"name": "[opensc-announce] 20080827 opensc 0.11.6 with fixed security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html"
},
{
"name": "32099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32099"
},
{
"name": "SUSE-SR:2008:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card\u0027s label matches the \"OpenSC\" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "opensc-pkcs15tool-weak-security(45045)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45045"
},
{
"name": "34362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34362"
},
{
"name": "FEDORA-2009-2267",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html"
},
{
"name": "[oss-security] 20080909 Re: opensc 0.11.6 with fixed security update",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/14"
},
{
"name": "[opensc-announce] 20080827 opensc 0.11.6 with fixed security update",
"refsource": "MLIST",
"url": "http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html"
},
{
"name": "32099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32099"
},
{
"name": "SUSE-SR:2008:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3972",
"datePublished": "2008-09-10T15:00:00",
"dateReserved": "2008-09-09T00:00:00",
"dateUpdated": "2024-08-07T10:00:42.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4523 (GCVE-0-2010-4523)
Vulnerability from cvelistv5
Published
2011-01-07 19:00
Modified
2024-08-07 03:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "[oss-security] 20101222 Re: CVE request: opensc buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/12/22/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.opensc-project.org/opensc/changeset/4913"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427"
},
{
"name": "MDVSA-2011:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:011"
},
{
"name": "FEDORA-2010-19193",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052777.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=664831"
},
{
"name": "42807",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42807"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "ADV-2011-0109",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0109"
},
{
"name": "42658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42658"
},
{
"name": "ADV-2011-0009",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0009"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483"
},
{
"name": "FEDORA-2010-19192",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052796.html"
},
{
"name": "[oss-security] 20101221 CVE request: opensc buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/12/21/2"
},
{
"name": "45435",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45435"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-21T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "[oss-security] 20101222 Re: CVE request: opensc buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/12/22/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.opensc-project.org/opensc/changeset/4913"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427"
},
{
"name": "MDVSA-2011:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:011"
},
{
"name": "FEDORA-2010-19193",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052777.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=664831"
},
{
"name": "42807",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42807"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "ADV-2011-0109",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0109"
},
{
"name": "42658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42658"
},
{
"name": "ADV-2011-0009",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0009"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483"
},
{
"name": "FEDORA-2010-19192",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052796.html"
},
{
"name": "[oss-security] 20101221 CVE request: opensc buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/12/21/2"
},
{
"name": "45435",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45435"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4523",
"datePublished": "2011-01-07T19:00:00",
"dateReserved": "2010-12-09T00:00:00",
"dateUpdated": "2024-08-07T03:51:17.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2009-03-02 22:30
Modified
2025-04-09 00:30
Severity ?
Summary
OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2009/02/26/1 | Patch | |
| cve@mitre.org | http://secunia.com/advisories/34052 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34120 | ||
| cve@mitre.org | http://secunia.com/advisories/34362 | ||
| cve@mitre.org | http://secunia.com/advisories/34377 | ||
| cve@mitre.org | http://secunia.com/advisories/35065 | ||
| cve@mitre.org | http://secunia.com/advisories/36074 | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200908-01.xml | ||
| cve@mitre.org | http://www.debian.org/security/2009/dsa-1734 | ||
| cve@mitre.org | http://www.opensc-project.org/pipermail/opensc-announce/2009-February/000023.html | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/33922 | Exploit, Patch | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/48958 | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00673.html | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2009/02/26/1 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34052 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34120 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34362 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34377 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35065 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36074 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200908-01.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1734 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.opensc-project.org/pipermail/opensc-announce/2009-February/000023.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/33922 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/48958 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00673.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensc-project | opensc | * | |
| opensc-project | opensc | 0.3.2 | |
| opensc-project | opensc | 0.3.5 | |
| opensc-project | opensc | 0.4.0 | |
| opensc-project | opensc | 0.5.0 | |
| opensc-project | opensc | 0.6.0 | |
| opensc-project | opensc | 0.6.1 | |
| opensc-project | opensc | 0.7.0 | |
| opensc-project | opensc | 0.8 | |
| opensc-project | opensc | 0.8.0 | |
| opensc-project | opensc | 0.8.0.0 | |
| opensc-project | opensc | 0.8.1 | |
| opensc-project | opensc | 0.9 | |
| opensc-project | opensc | 0.9.2 | |
| opensc-project | opensc | 0.9.3 | |
| opensc-project | opensc | 0.9.4 | |
| opensc-project | opensc | 0.9.5 | |
| opensc-project | opensc | 0.9.6 | |
| opensc-project | opensc | 0.9.7 | |
| opensc-project | opensc | 0.9.7 | |
| opensc-project | opensc | 0.9.7 | |
| opensc-project | opensc | 0.9.8 | |
| opensc-project | opensc | 0.10.0 | |
| opensc-project | opensc | 0.10.1 | |
| opensc-project | opensc | 0.11.0 | |
| opensc-project | opensc | 0.11.1 | |
| opensc-project | opensc | 0.11.2 | |
| opensc-project | opensc | 0.11.3 | |
| opensc-project | opensc | 0.11.3 | |
| opensc-project | opensc | 0.11.4 | |
| opensc-project | opensc | 0.11.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensc-project:opensc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA45D6B-A77B-46F1-89E1-7E42F017D412",
"versionEndIncluding": "0.11.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7D734B35-BA7F-4219-98DA-FCD55E5A37C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "349D5BCA-885C-4948-838E-E3904E49598E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "471DBF4E-54B8-4776-A0BA-0F65FE02192E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BC7891E-1898-442A-96BB-5B8EE5A5B400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA4321E6-1D08-489C-948F-2673C30D762C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8498096A-19A9-4C09-99C3-CC1C45D6BA40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5028CF13-2807-4813-A542-A1CD6E735CC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8FD4CB51-068C-4AD2-94AC-59DE20A2AB77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE75F1ED-E653-482C-B960-42DA2854E974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D8CA0B8-AC3B-4D0F-854D-EDF285EC01CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "931CE287-97AF-4B73-BA57-FB9B9AAA7016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA979A3-A34F-4813-8489-C1985E22A398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "04701B8B-523A-4148-805C-419336D91CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2194636B-7F74-4EC2-A02F-CE0F29914D76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E1D617E6-4EEC-4024-92D7-930F9A90F6DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "428986EC-328E-49F8-AAE7-EECD97F6B6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A64E85D-B1A7-48FB-8438-8173249ED817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "940151B8-6466-43D7-A7EB-A28F13DA5B50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.7:b:*:*:*:*:*:*",
"matchCriteriaId": "0BE84E1D-F765-49E6-84E2-6831A535B67A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.7:d:*:*:*:*:*:*",
"matchCriteriaId": "CE85FABD-20F0-4308-B240-0E460E85CA08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3752BA88-CA7A-4B79-96C4-A5EC9A6C2AC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13234C4B-7598-46B1-A8F0-7C0C863DE4C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FFC7C1A0-83AA-4989-A023-0B22B95133B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B093D7C9-242E-4CC7-9971-71D9AE19A7F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "353AFA23-88C0-45AA-B9EF-EF7A4DC6AFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA2024C5-238A-4734-B8C6-D4F99EEFBC07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF611D89-FA24-4421-A8A8-5290629C81D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.3:pre3:*:*:*:*:*:*",
"matchCriteriaId": "0ECCFF79-6515-42F8-B986-4C06BE1F79D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A74B19CB-8AFB-4A07-9A84-063BFF47E089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8F0F04-489E-41A6-B77B-133AC9FC64A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program."
},
{
"lang": "es",
"value": "Vulnerabilidad en OpenSC en versiones anteriores a v0.11.7 que permite a atacantes pr\u00f3ximos f\u00edsicamente evitar los requisitos de autenticaci\u00f3n/validaci\u00f3n de PIN a trav\u00e9s de (1) el comando APDU de bajo nivel o (2) una herramienta de depuraci\u00f3n de errores, como se ha demostrado leyendo el fichero 4601 o 4701 con el programa opensc-explorer o opensc-tool."
}
],
"id": "CVE-2009-0368",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-02T22:30:00.187",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2009/02/26/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34052"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34120"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34362"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34377"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35065"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36074"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200908-01.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1734"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.opensc-project.org/pipermail/opensc-announce/2009-February/000023.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/33922"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48958"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00673.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2009/02/26/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200908-01.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.opensc-project.org/pipermail/opensc-announce/2009-February/000023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/33922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48958"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00673.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-07 20:00
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427 | Exploit, Patch | |
| secalert@redhat.com | http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf | Exploit, Patch | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052777.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052796.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2010/12/21/2 | Exploit, Patch | |
| secalert@redhat.com | http://openwall.com/lists/oss-security/2010/12/22/3 | Exploit, Patch | |
| secalert@redhat.com | http://secunia.com/advisories/42658 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/42807 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/43068 | ||
| secalert@redhat.com | http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html | Patch | |
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:011 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/45435 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0009 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0109 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0212 | ||
| secalert@redhat.com | https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483 | Patch | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=664831 | Exploit, Patch | |
| secalert@redhat.com | https://www.opensc-project.org/opensc/changeset/4913 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052777.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052796.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2010/12/21/2 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2010/12/22/3 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42658 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42807 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43068 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:011 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/45435 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0009 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0109 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0212 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=664831 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.opensc-project.org/opensc/changeset/4913 | Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensc-project | opensc | * | |
| opensc-project | opensc | 0.3.2 | |
| opensc-project | opensc | 0.3.5 | |
| opensc-project | opensc | 0.4.0 | |
| opensc-project | opensc | 0.5.0 | |
| opensc-project | opensc | 0.6.0 | |
| opensc-project | opensc | 0.6.1 | |
| opensc-project | opensc | 0.7.0 | |
| opensc-project | opensc | 0.8 | |
| opensc-project | opensc | 0.8.0 | |
| opensc-project | opensc | 0.8.0.0 | |
| opensc-project | opensc | 0.8.1 | |
| opensc-project | opensc | 0.9 | |
| opensc-project | opensc | 0.9.2 | |
| opensc-project | opensc | 0.9.3 | |
| opensc-project | opensc | 0.9.4 | |
| opensc-project | opensc | 0.9.5 | |
| opensc-project | opensc | 0.9.6 | |
| opensc-project | opensc | 0.9.7 | |
| opensc-project | opensc | 0.9.7 | |
| opensc-project | opensc | 0.9.7 | |
| opensc-project | opensc | 0.9.8 | |
| opensc-project | opensc | 0.10.0 | |
| opensc-project | opensc | 0.10.1 | |
| opensc-project | opensc | 0.11.0 | |
| opensc-project | opensc | 0.11.1 | |
| opensc-project | opensc | 0.11.2 | |
| opensc-project | opensc | 0.11.3 | |
| opensc-project | opensc | 0.11.3 | |
| opensc-project | opensc | 0.11.4 | |
| opensc-project | opensc | 0.11.5 | |
| opensc-project | opensc | 0.11.6 | |
| opensc-project | opensc | 0.11.7 | |
| opensc-project | opensc | 0.11.8 | |
| opensc-project | opensc | 0.11.9 | |
| opensc-project | opensc | 0.11.10 | |
| opensc-project | opensc | 0.11.11 | |
| opensc-project | opensc | 0.11.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensc-project:opensc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CAE12FF-3D38-4326-AEA8-CC5EB7E04A7F",
"versionEndIncluding": "0.11.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7D734B35-BA7F-4219-98DA-FCD55E5A37C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "349D5BCA-885C-4948-838E-E3904E49598E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "471DBF4E-54B8-4776-A0BA-0F65FE02192E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BC7891E-1898-442A-96BB-5B8EE5A5B400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA4321E6-1D08-489C-948F-2673C30D762C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8498096A-19A9-4C09-99C3-CC1C45D6BA40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5028CF13-2807-4813-A542-A1CD6E735CC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8FD4CB51-068C-4AD2-94AC-59DE20A2AB77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE75F1ED-E653-482C-B960-42DA2854E974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D8CA0B8-AC3B-4D0F-854D-EDF285EC01CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "931CE287-97AF-4B73-BA57-FB9B9AAA7016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA979A3-A34F-4813-8489-C1985E22A398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "04701B8B-523A-4148-805C-419336D91CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2194636B-7F74-4EC2-A02F-CE0F29914D76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E1D617E6-4EEC-4024-92D7-930F9A90F6DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "428986EC-328E-49F8-AAE7-EECD97F6B6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A64E85D-B1A7-48FB-8438-8173249ED817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "940151B8-6466-43D7-A7EB-A28F13DA5B50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.7:b:*:*:*:*:*:*",
"matchCriteriaId": "0BE84E1D-F765-49E6-84E2-6831A535B67A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.7:d:*:*:*:*:*:*",
"matchCriteriaId": "CE85FABD-20F0-4308-B240-0E460E85CA08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3752BA88-CA7A-4B79-96C4-A5EC9A6C2AC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13234C4B-7598-46B1-A8F0-7C0C863DE4C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FFC7C1A0-83AA-4989-A023-0B22B95133B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B093D7C9-242E-4CC7-9971-71D9AE19A7F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "353AFA23-88C0-45AA-B9EF-EF7A4DC6AFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA2024C5-238A-4734-B8C6-D4F99EEFBC07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF611D89-FA24-4421-A8A8-5290629C81D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.3:pre3:*:*:*:*:*:*",
"matchCriteriaId": "0ECCFF79-6515-42F8-B986-4C06BE1F79D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A74B19CB-8AFB-4A07-9A84-063BFF47E089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8F0F04-489E-41A6-B77B-133AC9FC64A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80AD63B8-FB87-4E35-A842-A20E8E6DE1EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.7:*:*:*:*:*:*:*",
"matchCriteriaId": "39AD15A8-CAB8-4C9C-896B-FB59465FCB58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.8:*:*:*:*:*:*:*",
"matchCriteriaId": "24D1226F-8A07-4498-B91B-97016A1F0B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CE1B31E5-90C7-4B47-A883-EC9F355817AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6E1CFF97-B3BD-4EFC-9ED5-3DE89D4850C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD84B8C-999A-4E03-9359-1765BFE5FA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2A096B3E-A2E2-4D80-9864-E6B41B437DE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer basado en pila en libopensc en OpenSC v0.11.13 y anteriores permite a atacantes f\u00edsicamente pr\u00f3ximos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un campo largo serial-number de una tarjeta inteligente, relacionado con (1) card-acos5.c, (2) card-atrust-acos.c, y (3) card-starcos.c."
}
],
"id": "CVE-2010-4523",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-07T20:00:04.733",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052777.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052796.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/12/21/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/12/22/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42658"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42807"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:011"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/45435"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0009"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0109"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=664831"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://www.opensc-project.org/opensc/changeset/4913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052777.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052796.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/12/21/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/12/22/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=664831"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://www.opensc-project.org/opensc/changeset/4913"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-08-01 14:41
Modified
2025-04-09 00:30
Severity ?
Summary
OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html | ||
| cve@mitre.org | http://secunia.com/advisories/31330 | ||
| cve@mitre.org | http://secunia.com/advisories/31360 | ||
| cve@mitre.org | http://secunia.com/advisories/32099 | ||
| cve@mitre.org | http://secunia.com/advisories/33115 | ||
| cve@mitre.org | http://secunia.com/advisories/34362 | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200812-09.xml | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2008:183 | ||
| cve@mitre.org | http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html | ||
| cve@mitre.org | http://www.opensc-project.org/security.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/30473 | Patch | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/44140 | ||
| cve@mitre.org | https://www.debian.org/security/2008/dsa-1627 | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31330 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31360 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32099 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33115 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34362 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200812-09.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:183 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.opensc-project.org/security.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30473 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/44140 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2008/dsa-1627 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | cardos | m4 | |
| opensc-project | opensc | 0.3.2 | |
| opensc-project | opensc | 0.3.5 | |
| opensc-project | opensc | 0.4.0 | |
| opensc-project | opensc | 0.6.0 | |
| opensc-project | opensc | 0.6.1 | |
| opensc-project | opensc | 0.7.0 | |
| opensc-project | opensc | 0.8 | |
| opensc-project | opensc | 0.8.0.0 | |
| opensc-project | opensc | 0.8.1 | |
| opensc-project | opensc | 0.9 | |
| opensc-project | opensc | 0.9.6 | |
| opensc-project | opensc | 0.9.7 | |
| opensc-project | opensc | 0.9.7 | |
| opensc-project | opensc | 0.9.7 | |
| opensc-project | opensc | 0.9.8 | |
| opensc-project | opensc | 0.11.0 | |
| opensc-project | opensc | 0.11.1 | |
| opensc-project | opensc | 0.11.2 | |
| opensc-project | opensc | 0.11.3 | |
| opensc-project | opensc | 0.11.3 | |
| opensc-project | opensc | 0.11.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:cardos:m4:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF8B710-EAF0-4381-B1C5-B2EAA91737DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7D734B35-BA7F-4219-98DA-FCD55E5A37C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "349D5BCA-885C-4948-838E-E3904E49598E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "471DBF4E-54B8-4776-A0BA-0F65FE02192E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA4321E6-1D08-489C-948F-2673C30D762C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8498096A-19A9-4C09-99C3-CC1C45D6BA40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5028CF13-2807-4813-A542-A1CD6E735CC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8FD4CB51-068C-4AD2-94AC-59DE20A2AB77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D8CA0B8-AC3B-4D0F-854D-EDF285EC01CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "931CE287-97AF-4B73-BA57-FB9B9AAA7016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA979A3-A34F-4813-8489-C1985E22A398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A64E85D-B1A7-48FB-8438-8173249ED817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "940151B8-6466-43D7-A7EB-A28F13DA5B50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.7:b:*:*:*:*:*:*",
"matchCriteriaId": "0BE84E1D-F765-49E6-84E2-6831A535B67A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.7:d:*:*:*:*:*:*",
"matchCriteriaId": "CE85FABD-20F0-4308-B240-0E460E85CA08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3752BA88-CA7A-4B79-96C4-A5EC9A6C2AC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B093D7C9-242E-4CC7-9971-71D9AE19A7F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "353AFA23-88C0-45AA-B9EF-EF7A4DC6AFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA2024C5-238A-4734-B8C6-D4F99EEFBC07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF611D89-FA24-4421-A8A8-5290629C81D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.3:pre3:*:*:*:*:*:*",
"matchCriteriaId": "0ECCFF79-6515-42F8-B986-4C06BE1F79D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A74B19CB-8AFB-4A07-9A84-063BFF47E089",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN."
},
{
"lang": "es",
"value": "OpenSC anterior a 0.11.5 usa permisos d\u00e9biles (archivo de control de informaci\u00f3n ADMIN de 00) para el directorio 5015 en smart cards y crypto tokens USB ejecut\u00e1ndose Siemens CardOS M4, que permite a atacantes pr\u00f3ximos f\u00edsicamente cambiar el PIN."
}
],
"id": "CVE-2008-2235",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-08-01T14:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31330"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31360"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32099"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33115"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34362"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200812-09.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:183"
},
{
"source": "cve@mitre.org",
"url": "http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.opensc-project.org/security.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/30473"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44140"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2008/dsa-1627"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200812-09.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.opensc-project.org/security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/30473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2008/dsa-1627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Siemens has analyzed this report and states that no security breach can be found in the Siemens CardOS M4 itself and it thus does not relate to any Siemens component. The reported vulnerability (caused by inappropriate personalization) is due to an issue in the OPENSC middleware detailed information can be found under http://www.opensc-project.org/security.html. \n\nTherefore, Siemens recommends all customers and partners using OPENSC to use either the current version 0.11.5 of OPENSC in which this vulnerability is fixed or to use the bug fix suggested under http://freshmeat.net/articles/view/3333/. \n\nWe hope that we could help you with this recommendation. \n\nIf you have further questions, please contact the Siemens CardOS hotline under:\n\nscs-support.med@siemens.com\n\nPhone: +49 89 636 35996 (Mo.-Fr. 9:00-17:00 German time)\n\n",
"lastModified": "2008-08-14T00:00:00",
"organization": "Siemens"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-11 01:13
Modified
2025-04-09 00:30
Severity ?
Summary
pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html | ||
| cve@mitre.org | http://secunia.com/advisories/32099 | ||
| cve@mitre.org | http://secunia.com/advisories/34362 | ||
| cve@mitre.org | http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html | ||
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2008/09/09/14 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/45045 | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32099 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34362 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2008/09/09/14 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/45045 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensc-project | opensc | * | |
| opensc-project | opensc | 0.4.0 | |
| opensc-project | opensc | 0.5.0 | |
| opensc-project | opensc | 0.6.0 | |
| opensc-project | opensc | 0.6.1 | |
| opensc-project | opensc | 0.7.0 | |
| opensc-project | opensc | 0.8.0 | |
| opensc-project | opensc | 0.8.1 | |
| opensc-project | opensc | 0.9.2 | |
| opensc-project | opensc | 0.9.3 | |
| opensc-project | opensc | 0.9.4 | |
| opensc-project | opensc | 0.9.5 | |
| opensc-project | opensc | 0.9.6 | |
| opensc-project | opensc | 0.10.0 | |
| opensc-project | opensc | 0.10.1 | |
| opensc-project | opensc | 0.11.0 | |
| opensc-project | opensc | 0.11.1 | |
| opensc-project | opensc | 0.11.2 | |
| opensc-project | opensc | 0.11.3 | |
| opensc-project | opensc | 0.11.3 | |
| opensc-project | opensc | 0.11.4 | |
| siemens | cardos | m4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensc-project:opensc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C5385FB-359D-4A1D-9CC7-803536F497CE",
"versionEndIncluding": "0.11.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "471DBF4E-54B8-4776-A0BA-0F65FE02192E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BC7891E-1898-442A-96BB-5B8EE5A5B400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA4321E6-1D08-489C-948F-2673C30D762C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8498096A-19A9-4C09-99C3-CC1C45D6BA40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5028CF13-2807-4813-A542-A1CD6E735CC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE75F1ED-E653-482C-B960-42DA2854E974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "931CE287-97AF-4B73-BA57-FB9B9AAA7016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "04701B8B-523A-4148-805C-419336D91CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2194636B-7F74-4EC2-A02F-CE0F29914D76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E1D617E6-4EEC-4024-92D7-930F9A90F6DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "428986EC-328E-49F8-AAE7-EECD97F6B6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A64E85D-B1A7-48FB-8438-8173249ED817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13234C4B-7598-46B1-A8F0-7C0C863DE4C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FFC7C1A0-83AA-4989-A023-0B22B95133B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B093D7C9-242E-4CC7-9971-71D9AE19A7F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "353AFA23-88C0-45AA-B9EF-EF7A4DC6AFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA2024C5-238A-4734-B8C6-D4F99EEFBC07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF611D89-FA24-4421-A8A8-5290629C81D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.3:pre3:*:*:*:*:*:*",
"matchCriteriaId": "0ECCFF79-6515-42F8-B986-4C06BE1F79D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A74B19CB-8AFB-4A07-9A84-063BFF47E089",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:cardos:m4:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF8B710-EAF0-4381-B1C5-B2EAA91737DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card\u0027s label matches the \"OpenSC\" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235."
},
{
"lang": "es",
"value": "pkcs15-tool en OpenSC antes de 0.11.6 no aplica las actualizaciones de seguridad a una tarjeta inteligente a menos que la etiqueta de la tarjeta corresponda con la cadena \"OpenSC\", lo que podr\u00eda permitir a atacantes f\u00edsicamente pr\u00f3ximos explotar vulnerabilidades que el propietario de la tarjeta cre\u00eda que estaban parcheadas, como se demostr\u00f3 con la explotaci\u00f3n de CVE-2008-2235."
}
],
"evaluatorSolution": "Direct Patch Link - http://www.opensc-project.org/files/opensc/opensc-0.11.6.tar.gz",
"id": "CVE-2008-3972",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.6,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-11T01:13:47.807",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32099"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34362"
},
{
"source": "cve@mitre.org",
"url": "http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/14"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45045"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-05-11 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/35035 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/35293 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/35309 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/36074 | Broken Link | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200908-01.xml | Third Party Advisory | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2009:123 | Broken Link | |
| cve@mitre.org | http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html | Broken Link | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2009/05/08/1 | Mailing List, Patch | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/1295 | Broken Link | |
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00095.html | Mailing List | |
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00097.html | Mailing List | |
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01420.html | Mailing List | |
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01432.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35035 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35293 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35309 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36074 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200908-01.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:123 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/05/08/1 | Mailing List, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1295 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00095.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00097.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01420.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01432.html | Mailing List |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensc-project | opensc | 0.11.7 | |
| fedoraproject | fedora | 9 | |
| fedoraproject | fedora | 10 | |
| fedoraproject | fedora | 11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensc-project:opensc:0.11.7:*:*:*:*:*:*:*",
"matchCriteriaId": "39AD15A8-CAB8-4C9C-896B-FB59465FCB58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*",
"matchCriteriaId": "743CBBB1-C140-4FEF-B40E-FAE4511B1140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*",
"matchCriteriaId": "7000D33B-F3C7-43E8-8FC7-9B97AADC3E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted."
},
{
"lang": "es",
"value": "Vulnerabilidad en src/tools/pkcs11-tool.c en pkcs11-tool de OpenSC v0.11.7. Cuando se utiliza con modulos PKCS#11 de terceras partes sin especificar, genera claves RSA con exponentes p\u00fablicos incorrectos, lo que permite a usuarios remotos leer en texto claro mensajes que se pretendi\u00f3 que fueran encriptados."
}
],
"id": "CVE-2009-1603",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2009-05-11T16:30:00.187",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35035"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35293"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35309"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36074"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200908-01.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:123"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2009/05/08/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/1295"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00095.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00097.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01420.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01432.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200908-01.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2009/05/08/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/1295"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00095.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00097.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01420.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01432.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}