Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0368

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2009-0368
Last Modified 27 Apr 2010 01:48:55
Published 02 Mar 2009 05:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2009-0368

Summary

OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.

Vulnerable Systems

Application

  • Opensc-project Opensc 0.10.0

  • Opensc-project Opensc 0.10.1

  • Opensc-project Opensc 0.11.0

  • Opensc-project Opensc 0.11.1

  • Opensc-project Opensc 0.11.2

  • Opensc-project Opensc 0.11.3

  • Opensc-project Opensc 0.11.4

  • Opensc-project Opensc 0.11.5

  • Opensc-project Opensc 0.11.6

  • Opensc-project Opensc 0.3.2

  • Opensc-project Opensc 0.3.5

  • Opensc-project Opensc 0.4.0

  • Opensc-project Opensc 0.5.0

  • Opensc-project Opensc 0.6.0

  • Opensc-project Opensc 0.6.1

  • Opensc-project Opensc 0.7.0

  • Opensc-project Opensc 0.8

  • Opensc-project Opensc 0.8.0

  • Opensc-project Opensc 0.8.0.0

  • Opensc-project Opensc 0.8.1

  • Opensc-project Opensc 0.9

  • Opensc-project Opensc 0.9.2

  • Opensc-project Opensc 0.9.3

  • Opensc-project Opensc 0.9.4

  • Opensc-project Opensc 0.9.5

  • Opensc-project Opensc 0.9.6

  • Opensc-project Opensc 0.9.7

  • Opensc-project Opensc 0.9.8


References

BID - 33922

MLIST - [oss-security] 20090226 OpenSC Security Advisory

FEDORA - FEDORA-2009-2267

FEDORA - FEDORA-2009-2266

XF - opensc-pkcs-unauth-access(48958)

MLIST - [opensc-announce] 20090226 OpenSC Security Advisory

DEBIAN - DSA-1734

GENTOO - GLSA-200908-01

SECUNIA - 36074

SECUNIA - 35065

SECUNIA - 34377

SECUNIA - 34362

SECUNIA - 34120

SECUNIA - 34052

SUSE - SUSE-SR:2009:010

Related Patches

Novell SUSE 2009:6053 opensc security update for SLE 10 SP2 i586


Last Updated: 27 May 2016 10:50:14