Vulnerabilities > CVE-2009-0368 - Cryptographic Issues vulnerability in Opensc-Project Opensc

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
opensc-project
CWE-310
nessus
exploit available

Summary

OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Exploit-Db

descriptionOpenSC 0.11.x PKCS#11 Implementation Unauthorized Access Vulnerability. CVE-2009-0368. Local exploit for linux platform
idEDB-ID:32820
last seen2016-02-03
modified2009-02-26
published2009-02-26
reporterAndreas Jellinghaus
sourcehttps://www.exploit-db.com/download/32820/
titleOpenSC 0.11.x PKCS#11 Implementation Unauthorized Access Vulnerability

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1734.NASL
    descriptionb.badrignans discovered that OpenSC, a set of smart card utilities, could stores private data on a smart card without proper access restrictions. Only blank cards initialised with OpenSC are affected by this problem. This update only improves creating new private data objects, but cards already initialised with such private data objects need to be modified to repair the access control conditions on such cards. Instructions for a variety of situations can be found at the OpenSC website: http://www.opensc-project.org/security.html The oldstable distribution (etch) is not affected by this problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id35790
    published2009-03-08
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35790
    titleDebian DSA-1734-1 : opensc - programming error
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1734. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(35790);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:21");
    
      script_cve_id("CVE-2009-0368");
      script_bugtraq_id(33922);
      script_xref(name:"DSA", value:"1734");
    
      script_name(english:"Debian DSA-1734-1 : opensc - programming error");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "b.badrignans discovered that OpenSC, a set of smart card utilities,
    could stores private data on a smart card without proper access
    restrictions.
    
    Only blank cards initialised with OpenSC are affected by this problem.
    This update only improves creating new private data objects, but cards
    already initialised with such private data objects need to be modified
    to repair the access control conditions on such cards. Instructions
    for a variety of situations can be found at the OpenSC website:
    http://www.opensc-project.org/security.html
    
    The oldstable distribution (etch) is not affected by this problem."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2009/dsa-1734"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the opensc package and recreate any private data objects
    stored on the smart cards.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 0.11.4-5+lenny1."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(310);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:opensc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"5.0", prefix:"libopensc2", reference:"0.11.4-5+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libopensc2-dbg", reference:"0.11.4-5+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libopensc2-dev", reference:"0.11.4-5+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"mozilla-opensc", reference:"0.11.4-5+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"opensc", reference:"0.11.4-5+lenny1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200908-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200908-01 (OpenSC: Multiple vulnerabilities) Multiple vulnerabilities were found in OpenSC: b.badrignans discovered that OpenSC incorrectly initialises private data objects (CVE-2009-0368). Miquel Comas Marti discovered that src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents (CVE-2009-1603). Impact : The first vulnerability allows physically proximate attackers to bypass intended PIN requirements and read private data objects. The second vulnerability allows attackers to read the cleartext form of messages that were intended to be encrypted. NOTE: Smart cards which were initialised using an affected version of OpenSC need to be modified or re-initialised. See the vendor
    last seen2020-06-01
    modified2020-06-02
    plugin id40462
    published2009-08-03
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40462
    titleGLSA-200908-01 : OpenSC: Multiple vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-2266.NASL
    descriptionSecurity update fixing CVE-2009-0368. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37543
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37543
    titleFedora 10 : opensc-0.11.7-1.fc10 (2009-2266)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-2267.NASL
    descriptionSecurity update fixing CVE-2008-3972, CVE-2008-2235, and CVE-2009-0368. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id35959
    published2009-03-19
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35959
    titleFedora 9 : opensc-0.11.7-1.fc9 (2009-2267)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBOPENSC2-090317.NASL
    descriptionPrivate data objects on smartcards initialized with OpenSC could be accessed without authentication. (CVE-2009-0368) Only blank cards initialized with OpenSC are affected by this problem. Affected cards need to be manually fixed, updating the opensc package alone is not sufficient! Please carefully read and follow the instructions on the following website if you are using PIN protected private data objects on smart cards other than Oberthur, and you have initialized those cards using OpenSC: http://en.opensuse.org/Smart_Cards/Advisories
    last seen2020-06-01
    modified2020-06-02
    plugin id41422
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41422
    titleSuSE 11 Security Update : OpenSC (SAT Patch Number 641)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_OPENSC-6053.NASL
    descriptionPrivate data objects on smartcards initialized with OpenSC could be accessed without authentication. (CVE-2009-0368) Only blank cards initialized with OpenSC are affected by this problem. Affected cards need to be manually fixed, updating the opensc package alone is not sufficient! Please carefully read and follow the instructions on the following website if you are using PIN protected private data objects on smart cards other than Oberthur, and you have initialized those cards using OpenSC: http://en.opensuse.org/Smart_Cards/Advisories
    last seen2020-06-01
    modified2020-06-02
    plugin id41568
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41568
    titleSuSE 10 Security Update : OpenSC (ZYPP Patch Number 6053)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-089.NASL
    descriptionOpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program. The updated packages fix the issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id36781
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36781
    titleMandriva Linux Security Advisory : opensc (MDVSA-2009:089)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_LIBOPENSC2-090309.NASL
    descriptionPrivate data objects on smartcards initialized with OpenSC could be accessed without authentication (CVE-2009-0368). Only blank cards initialized with OpenSC are affected by this problem. Affected cards need to be manually fixed, updating the opensc package alone is not sufficient! Please carefully read and follow the instructions on the following website if you are using PIN protected private data objects on smart cards other than Oberthur, and you have initialized those cards using OpenSC: http://en.opensuse.org/Smart_Cards/Advisories
    last seen2020-06-01
    modified2020-06-02
    plugin id40031
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40031
    titleopenSUSE Security Update : libopensc2 (libopensc2-598)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBOPENSC2-6071.NASL
    descriptionPrivate data objects on smartcards initialized with OpenSC could be accessed without authentication (CVE-2009-0368). Only blank cards initialized with OpenSC are affected by this problem. Affected cards need to be manually fixed, updating the opensc package alone is not sufficient! Please carefully read and follow the instructions on the following website if you are using PIN protected private data objects on smart cards other than Oberthur, and you have initialized those cards using OpenSC: http://en.opensuse.org/Smart_Cards/Advisories
    last seen2020-06-01
    modified2020-06-02
    plugin id38662
    published2009-05-01
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38662
    titleopenSUSE 10 Security Update : libopensc2 (libopensc2-6071)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_LIBOPENSC2-090309.NASL
    descriptionPrivate data objects on smartcards initialized with OpenSC could be accessed without authentication (CVE-2009-0368). Only blank cards initialized with OpenSC are affected by this problem. Affected cards need to be manually fixed, updating the opensc package alone is not sufficient! Please carefully read and follow the instructions on the following website if you are using PIN protected private data objects on smart cards other than Oberthur, and you have initialized those cards using OpenSC: http://en.opensuse.org/Smart_Cards/Advisories
    last seen2020-06-01
    modified2020-06-02
    plugin id40258
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40258
    titleopenSUSE Security Update : libopensc2 (libopensc2-598)

References