
CVE-2009-0368

Published: 02/03/2009 Updated: 08/08/2017
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 215
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

OpenSC prior to 0.11.7 allows physically proximate malicious users to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.

Vulnerable Product

opensc-project opensc 0.9.2

opensc-project opensc 0.11.4

opensc-project opensc 0.11.0

opensc-project opensc 0.9

opensc-project opensc 0.8.0.0

opensc-project opensc 0.9.7

opensc-project opensc

opensc-project opensc 0.11.5

opensc-project opensc 0.8.0

opensc-project opensc 0.5.0

opensc-project opensc 0.10.0

opensc-project opensc 0.9.8

opensc-project opensc 0.9.6

opensc-project opensc 0.7.0

opensc-project opensc 0.3.5

opensc-project opensc 0.9.4

opensc-project opensc 0.9.3

opensc-project opensc 0.11.2

opensc-project opensc 0.11.1

opensc-project opensc 0.8.1

opensc-project opensc 0.6.1

opensc-project opensc 0.3.2

opensc-project opensc 0.10.1

opensc-project opensc 0.9.5

opensc-project opensc 0.11.3

opensc-project opensc 0.8

opensc-project opensc 0.4.0

opensc-project opensc 0.6.0

Vendor Advisories

bbadrignans discovered that OpenSC, a set of smart card utilities, could store private data on a smart card without proper access restrictions. Only blank cards initialised with OpenSC are affected by this problem. This update only improves creating new private data objects, but cards already initialised with such private data objects need to be ...

Exploits

source: www.securityfocus.com/bid/33922/info

OpenSC is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access to private data, which may lead to other attacks. Versions prior to OpenSC 0.11.7 are vulnerable. The following proof of concept is available: create a file with a secret: ec ...