Vulnerabilities > CVE-2009-0368 - Cryptographic Issues vulnerability in Opensc-Project Opensc
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Exploit-Db
description | OpenSC 0.11.x PKCS#11 Implementation Unauthorized Access Vulnerability. CVE-2009-0368. Local exploit for linux platform |
id | EDB-ID:32820 |
last seen | 2016-02-03 |
modified | 2009-02-26 |
published | 2009-02-26 |
reporter | Andreas Jellinghaus |
source | https://www.exploit-db.com/download/32820/ |
title | OpenSC 0.11.x PKCS#11 Implementation Unauthorized Access Vulnerability |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1734.NASL description b.badrignans discovered that OpenSC, a set of smart card utilities, could stores private data on a smart card without proper access restrictions. Only blank cards initialised with OpenSC are affected by this problem. This update only improves creating new private data objects, but cards already initialised with such private data objects need to be modified to repair the access control conditions on such cards. Instructions for a variety of situations can be found at the OpenSC website: http://www.opensc-project.org/security.html The oldstable distribution (etch) is not affected by this problem. last seen 2020-06-01 modified 2020-06-02 plugin id 35790 published 2009-03-08 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35790 title Debian DSA-1734-1 : opensc - programming error code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1734. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(35790); script_version("1.12"); script_cvs_date("Date: 2019/08/02 13:32:21"); script_cve_id("CVE-2009-0368"); script_bugtraq_id(33922); script_xref(name:"DSA", value:"1734"); script_name(english:"Debian DSA-1734-1 : opensc - programming error"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "b.badrignans discovered that OpenSC, a set of smart card utilities, could stores private data on a smart card without proper access restrictions. Only blank cards initialised with OpenSC are affected by this problem. This update only improves creating new private data objects, but cards already initialised with such private data objects need to be modified to repair the access control conditions on such cards. Instructions for a variety of situations can be found at the OpenSC website: http://www.opensc-project.org/security.html The oldstable distribution (etch) is not affected by this problem." ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2009/dsa-1734" ); script_set_attribute( attribute:"solution", value: "Upgrade the opensc package and recreate any private data objects stored on the smart cards. For the stable distribution (lenny), this problem has been fixed in version 0.11.4-5+lenny1." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(310); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:opensc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/03/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"5.0", prefix:"libopensc2", reference:"0.11.4-5+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libopensc2-dbg", reference:"0.11.4-5+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libopensc2-dev", reference:"0.11.4-5+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"mozilla-opensc", reference:"0.11.4-5+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"opensc", reference:"0.11.4-5+lenny1")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:deb_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200908-01.NASL description The remote host is affected by the vulnerability described in GLSA-200908-01 (OpenSC: Multiple vulnerabilities) Multiple vulnerabilities were found in OpenSC: b.badrignans discovered that OpenSC incorrectly initialises private data objects (CVE-2009-0368). Miquel Comas Marti discovered that src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents (CVE-2009-1603). Impact : The first vulnerability allows physically proximate attackers to bypass intended PIN requirements and read private data objects. The second vulnerability allows attackers to read the cleartext form of messages that were intended to be encrypted. NOTE: Smart cards which were initialised using an affected version of OpenSC need to be modified or re-initialised. See the vendor last seen 2020-06-01 modified 2020-06-02 plugin id 40462 published 2009-08-03 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40462 title GLSA-200908-01 : OpenSC: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2009-2266.NASL description Security update fixing CVE-2009-0368. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37543 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37543 title Fedora 10 : opensc-0.11.7-1.fc10 (2009-2266) NASL family Fedora Local Security Checks NASL id FEDORA_2009-2267.NASL description Security update fixing CVE-2008-3972, CVE-2008-2235, and CVE-2009-0368. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 35959 published 2009-03-19 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35959 title Fedora 9 : opensc-0.11.7-1.fc9 (2009-2267) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBOPENSC2-090317.NASL description Private data objects on smartcards initialized with OpenSC could be accessed without authentication. (CVE-2009-0368) Only blank cards initialized with OpenSC are affected by this problem. Affected cards need to be manually fixed, updating the opensc package alone is not sufficient! Please carefully read and follow the instructions on the following website if you are using PIN protected private data objects on smart cards other than Oberthur, and you have initialized those cards using OpenSC: http://en.opensuse.org/Smart_Cards/Advisories last seen 2020-06-01 modified 2020-06-02 plugin id 41422 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41422 title SuSE 11 Security Update : OpenSC (SAT Patch Number 641) NASL family SuSE Local Security Checks NASL id SUSE_OPENSC-6053.NASL description Private data objects on smartcards initialized with OpenSC could be accessed without authentication. (CVE-2009-0368) Only blank cards initialized with OpenSC are affected by this problem. Affected cards need to be manually fixed, updating the opensc package alone is not sufficient! Please carefully read and follow the instructions on the following website if you are using PIN protected private data objects on smart cards other than Oberthur, and you have initialized those cards using OpenSC: http://en.opensuse.org/Smart_Cards/Advisories last seen 2020-06-01 modified 2020-06-02 plugin id 41568 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41568 title SuSE 10 Security Update : OpenSC (ZYPP Patch Number 6053) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-089.NASL description OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program. The updated packages fix the issue. last seen 2020-06-01 modified 2020-06-02 plugin id 36781 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36781 title Mandriva Linux Security Advisory : opensc (MDVSA-2009:089) NASL family SuSE Local Security Checks NASL id SUSE_11_0_LIBOPENSC2-090309.NASL description Private data objects on smartcards initialized with OpenSC could be accessed without authentication (CVE-2009-0368). Only blank cards initialized with OpenSC are affected by this problem. Affected cards need to be manually fixed, updating the opensc package alone is not sufficient! Please carefully read and follow the instructions on the following website if you are using PIN protected private data objects on smart cards other than Oberthur, and you have initialized those cards using OpenSC: http://en.opensuse.org/Smart_Cards/Advisories last seen 2020-06-01 modified 2020-06-02 plugin id 40031 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40031 title openSUSE Security Update : libopensc2 (libopensc2-598) NASL family SuSE Local Security Checks NASL id SUSE_LIBOPENSC2-6071.NASL description Private data objects on smartcards initialized with OpenSC could be accessed without authentication (CVE-2009-0368). Only blank cards initialized with OpenSC are affected by this problem. Affected cards need to be manually fixed, updating the opensc package alone is not sufficient! Please carefully read and follow the instructions on the following website if you are using PIN protected private data objects on smart cards other than Oberthur, and you have initialized those cards using OpenSC: http://en.opensuse.org/Smart_Cards/Advisories last seen 2020-06-01 modified 2020-06-02 plugin id 38662 published 2009-05-01 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/38662 title openSUSE 10 Security Update : libopensc2 (libopensc2-6071) NASL family SuSE Local Security Checks NASL id SUSE_11_1_LIBOPENSC2-090309.NASL description Private data objects on smartcards initialized with OpenSC could be accessed without authentication (CVE-2009-0368). Only blank cards initialized with OpenSC are affected by this problem. Affected cards need to be manually fixed, updating the opensc package alone is not sufficient! Please carefully read and follow the instructions on the following website if you are using PIN protected private data objects on smart cards other than Oberthur, and you have initialized those cards using OpenSC: http://en.opensuse.org/Smart_Cards/Advisories last seen 2020-06-01 modified 2020-06-02 plugin id 40258 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40258 title openSUSE Security Update : libopensc2 (libopensc2-598)
References
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
- http://openwall.com/lists/oss-security/2009/02/26/1
- http://openwall.com/lists/oss-security/2009/02/26/1
- http://secunia.com/advisories/34052
- http://secunia.com/advisories/34052
- http://secunia.com/advisories/34120
- http://secunia.com/advisories/34120
- http://secunia.com/advisories/34362
- http://secunia.com/advisories/34362
- http://secunia.com/advisories/34377
- http://secunia.com/advisories/34377
- http://secunia.com/advisories/35065
- http://secunia.com/advisories/35065
- http://secunia.com/advisories/36074
- http://secunia.com/advisories/36074
- http://security.gentoo.org/glsa/glsa-200908-01.xml
- http://security.gentoo.org/glsa/glsa-200908-01.xml
- http://www.debian.org/security/2009/dsa-1734
- http://www.debian.org/security/2009/dsa-1734
- http://www.opensc-project.org/pipermail/opensc-announce/2009-February/000023.html
- http://www.opensc-project.org/pipermail/opensc-announce/2009-February/000023.html
- http://www.securityfocus.com/bid/33922
- http://www.securityfocus.com/bid/33922
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48958
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48958
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00673.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00673.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html