Vulnerabilities > CVE-2018-16424 - Double Free vulnerability in Opensc Project Opensc

047910
CVSS 6.6 - MEDIUM
Attack vector
PHYSICAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
low complexity
opensc-project
CWE-415
nessus

Summary

A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3629-1.NASL
    descriptionThis update for opensc fixes the following security issues : CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998) CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999) CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318) CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039) CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107) CVE-2018-16420: Fixed buffer overflows when handling responses from an ePass 2003 Card (bsc#1107097) CVE-2018-16421: Fixed buffer overflows when handling responses from a CAC Card (bsc#1107049) CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038) CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037) CVE-2018-16424: Fixed double free when handling responses in read_file (bsc#1107036) CVE-2018-16425: Fixed double free when handling responses from an HSM Card (bsc#1107035) CVE-2018-16426: Fixed endless recursion when handling responses from an IAS-ECC card (bsc#1107034) CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-02
    plugin id120156
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120156
    titleSUSE SLED15 / SLES15 Security Update : opensc (SUSE-SU-2018:3629-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:3629-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120156);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/16");
    
      script_cve_id("CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16424", "CVE-2018-16425", "CVE-2018-16426", "CVE-2018-16427");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : opensc (SUSE-SU-2018:3629-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for opensc fixes the following security issues :
    
    CVE-2018-16391: Fixed a denial of service when handling responses from
    a Muscle Card (bsc#1106998)
    
    CVE-2018-16392: Fixed a denial of service when handling responses from
    a TCOS Card (bsc#1106999)
    
    CVE-2018-16393: Fixed buffer overflows when handling responses from
    Gemsafe V1 Smartcards (bsc#1108318)
    
    CVE-2018-16418: Fixed buffer overflow when handling string
    concatenation in util_acl_to_str (bsc#1107039)
    
    CVE-2018-16419: Fixed several buffer overflows when handling responses
    from a Cryptoflex card (bsc#1107107)
    
    CVE-2018-16420: Fixed buffer overflows when handling responses from an
    ePass 2003 Card (bsc#1107097)
    
    CVE-2018-16421: Fixed buffer overflows when handling responses from a
    CAC Card (bsc#1107049)
    
    CVE-2018-16422: Fixed single byte buffer overflow when handling
    responses from an esteid Card (bsc#1107038)
    
    CVE-2018-16423: Fixed double free when handling responses from a
    smartcard (bsc#1107037)
    
    CVE-2018-16424: Fixed double free when handling responses in read_file
    (bsc#1107036)
    
    CVE-2018-16425: Fixed double free when handling responses from an HSM
    Card (bsc#1107035)
    
    CVE-2018-16426: Fixed endless recursion when handling responses from
    an IAS-ECC card (bsc#1107034)
    
    CVE-2018-16427: Fixed out of bounds reads when handling responses in
    OpenSC (bsc#1107033)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104812"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106998"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106999"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107033"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107034"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107035"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107036"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107037"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107038"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107039"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107049"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107097"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107107"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108318"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16391/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16392/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16393/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16418/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16419/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16420/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16421/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16422/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16423/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16424/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16425/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16426/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16427/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20183629-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2883522c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-2018-2581=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-16425");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:opensc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:opensc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:opensc-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"0", reference:"opensc-0.18.0-3.8.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"opensc-debuginfo-0.18.0-3.8.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"opensc-debugsource-0.18.0-3.8.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"opensc-0.18.0-3.8.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"opensc-debuginfo-0.18.0-3.8.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"opensc-debugsource-0.18.0-3.8.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "opensc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1916.NASL
    descriptionSeveral security vulnerabilities were fixed in opensc, a set of libraries and utilities to access smart cards that support cryptographic operations. Out-of-bounds reads, buffer overflows and double frees could be used by attackers able to supply crafted smart cards to cause a denial of service (application crash) or possibly have unspecified other impact. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id128743
    published2019-09-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128743
    titleDebian DLA-1916-1 : opensc security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1916-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128743);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/27");
    
      script_cve_id("CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16424", "CVE-2018-16425", "CVE-2018-16426", "CVE-2018-16427", "CVE-2019-15945", "CVE-2019-15946");
    
      script_name(english:"Debian DLA-1916-1 : opensc security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several security vulnerabilities were fixed in opensc, a set of
    libraries and utilities to access smart cards that support
    cryptographic operations.
    
    Out-of-bounds reads, buffer overflows and double frees could be used
    by attackers able to supply crafted smart cards to cause a denial of
    service (application crash) or possibly have unspecified other impact.
    
    For Debian 8 'Jessie', these problems have been fixed in version
    0.16.0-3+deb8u1.
    
    We recommend that you upgrade your opensc packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/opensc"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Upgrade the affected opensc, and opensc-pkcs11 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:opensc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:opensc-pkcs11");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"opensc", reference:"0.16.0-3+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"opensc-pkcs11", reference:"0.16.0-3+deb8u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-D0DFF2ABAA.NASL
    descriptionSecurity fix for CVE-2018-16418, CVE-2018-16419, CVE-2018-16420, CVE-2018-16421, CVE-2018-16423, CVE-2018-16424, CVE-2018-16425, CVE-2018-16426, CVE-2018-16427 + support for RSA-PSS signatures. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120811
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120811
    titleFedora 28 : opensc (2018-d0dff2abaa)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-d0dff2abaa.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120811);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16424", "CVE-2018-16425", "CVE-2018-16426", "CVE-2018-16427");
      script_xref(name:"FEDORA", value:"2018-d0dff2abaa");
    
      script_name(english:"Fedora 28 : opensc (2018-d0dff2abaa)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security fix for CVE-2018-16418, CVE-2018-16419, CVE-2018-16420,
    CVE-2018-16421, CVE-2018-16423, CVE-2018-16424, CVE-2018-16425,
    CVE-2018-16426, CVE-2018-16427 + support for RSA-PSS signatures.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-d0dff2abaa"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected opensc package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-16425");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:opensc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC28", reference:"opensc-0.19.0-1.fc28")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "opensc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1385.NASL
    descriptionThis update for opensc fixes the following security issues : - CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998) - CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999) - CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318) - CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039) - CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107) - CVE-2018-16420: Fixed buffer overflows when handling responses from an ePass 2003 Card (bsc#1107097) - CVE-2018-16421: Fixed buffer overflows when handling responses from a CAC Card (bsc#1107049) - CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038) - CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037) - CVE-2018-16424: Fixed double free when handling responses in read_file (bsc#1107036) - CVE-2018-16425: Fixed double free when handling responses from an HSM Card (bsc#1107035) - CVE-2018-16426: Fixed endless recursion when handling responses from an IAS-ECC card (bsc#1107034) - CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-05
    modified2018-11-10
    plugin id118881
    published2018-11-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118881
    titleopenSUSE Security Update : opensc (openSUSE-2018-1385)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-1385.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118881);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16424", "CVE-2018-16425", "CVE-2018-16426", "CVE-2018-16427");
    
      script_name(english:"openSUSE Security Update : opensc (openSUSE-2018-1385)");
      script_summary(english:"Check for the openSUSE-2018-1385 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for opensc fixes the following security issues :
    
      - CVE-2018-16391: Fixed a denial of service when handling
        responses from a Muscle Card (bsc#1106998)
    
      - CVE-2018-16392: Fixed a denial of service when handling
        responses from a TCOS Card (bsc#1106999)
    
      - CVE-2018-16393: Fixed buffer overflows when handling
        responses from Gemsafe V1 Smartcards (bsc#1108318)
    
      - CVE-2018-16418: Fixed buffer overflow when handling
        string concatenation in util_acl_to_str (bsc#1107039)
    
      - CVE-2018-16419: Fixed several buffer overflows when
        handling responses from a Cryptoflex card (bsc#1107107)
    
      - CVE-2018-16420: Fixed buffer overflows when handling
        responses from an ePass 2003 Card (bsc#1107097)
    
      - CVE-2018-16421: Fixed buffer overflows when handling
        responses from a CAC Card (bsc#1107049)
    
      - CVE-2018-16422: Fixed single byte buffer overflow when
        handling responses from an esteid Card (bsc#1107038)
    
      - CVE-2018-16423: Fixed double free when handling
        responses from a smartcard (bsc#1107037)
    
      - CVE-2018-16424: Fixed double free when handling
        responses in read_file (bsc#1107036)
    
      - CVE-2018-16425: Fixed double free when handling
        responses from an HSM Card (bsc#1107035)
    
      - CVE-2018-16426: Fixed endless recursion when handling
        responses from an IAS-ECC card (bsc#1107034)
    
      - CVE-2018-16427: Fixed out of bounds reads when handling
        responses in OpenSC (bsc#1107033)
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104812"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106998"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106999"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1107033"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1107034"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1107035"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1107036"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1107037"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1107038"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1107039"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1107049"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1107097"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1107107"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108318"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected opensc packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opensc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opensc-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opensc-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opensc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opensc-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"opensc-0.18.0-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"opensc-debuginfo-0.18.0-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"opensc-debugsource-0.18.0-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"opensc-32bit-0.18.0-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"opensc-32bit-debuginfo-0.18.0-lp150.2.9.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "opensc / opensc-debuginfo / opensc-debugsource / opensc-32bit / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-FE4B72FA7D.NASL
    descriptionSecurity fix for CVE-2018-16418, CVE-2018-16419, CVE-2018-16420, CVE-2018-16421, CVE-2018-16423, CVE-2018-16424, CVE-2018-16425, CVE-2018-16426, CVE-2018-16427 + support for RSA-PSS signatures. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120937
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120937
    titleFedora 29 : opensc (2018-fe4b72fa7d)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-fe4b72fa7d.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120937);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16424", "CVE-2018-16425", "CVE-2018-16426", "CVE-2018-16427");
      script_xref(name:"FEDORA", value:"2018-fe4b72fa7d");
    
      script_name(english:"Fedora 29 : opensc (2018-fe4b72fa7d)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security fix for CVE-2018-16418, CVE-2018-16419, CVE-2018-16420,
    CVE-2018-16421, CVE-2018-16423, CVE-2018-16424, CVE-2018-16425,
    CVE-2018-16426, CVE-2018-16427 + support for RSA-PSS signatures.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-fe4b72fa7d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected opensc package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-16425");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:opensc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"opensc-0.19.0-1.fc29")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "opensc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-904.NASL
    descriptionThis update for opensc fixes the following security issues : - CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998) - CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999) - CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318) - CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039) - CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107) - CVE-2018-16420: Fixed buffer overflows when handling responses from an ePass 2003 Card (bsc#1107097) - CVE-2018-16421: Fixed buffer overflows when handling responses from a CAC Card (bsc#1107049) - CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038) - CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037) - CVE-2018-16424: Fixed double free when handling responses in read_file (bsc#1107036) - CVE-2018-16425: Fixed double free when handling responses from an HSM Card (bsc#1107035) - CVE-2018-16426: Fixed endless recursion when handling responses from an IAS-ECC card (bsc#1107034) - CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123370
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123370
    titleopenSUSE Security Update : opensc (openSUSE-2019-904)