
Test ID: 1.3.6.1.4.1.25623.1.0.900639
Category: Privilege escalation
Title: OpenSC < 0.11.8 Incorrect RSA Keys Generation Vulnerability
Summary: This host is installed with OpenSC and is prone to an insecure key generation vulnerability.
Description:
Summary:
This host is installed with OpenSC and is prone to an insecure key
generation vulnerability.

Vulnerability Insight:
The security issues are due to:

- a tool that starts a key generation with the public exponent set to 1, an
invalid value that causes an insecure RSA key.

- a PKCS#11 module that accepts this public exponent and forwards it
to the card.

- a card that accepts the public exponent and generates the RSA key.

Vulnerability Impact:
Successful exploitation will allow an attacker to obtain sensitive
information or gain unauthorized access to the smartcard.

Affected Software/OS:
OpenSC versions prior to 0.11.8 on Linux.

Solution:
Upgrade to OpenSC version 0.11.8 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N

Cross-reference: BugTraq ID: 34884
Common Vulnerabilities and Exposures (CVE) ID: CVE-2009-1603
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01432.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01420.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00095.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00097.html
http://security.gentoo.org/glsa/glsa-200908-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:123
http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html
http://www.openwall.com/lists/oss-security/2009/05/08/1
http://secunia.com/advisories/35035
http://secunia.com/advisories/35293
http://secunia.com/advisories/35309
http://secunia.com/advisories/36074
http://www.vupen.com/english/advisories/2009/1295
Copyright: Copyright (C) 2009 SecPod





© 1998-2020 E-Soft Inc. All rights reserved.