
Test ID: 1.3.6.1.4.1.25623.1.0.900639
Category: Privilege escalation
Title: OpenSC < 0.11.8 Incorrect RSA Keys Generation Vulnerability
Summary: This host is installed with OpenSC and is prone to an insecure key generation vulnerability.
Description:
Summary:
This host is installed with OpenSC and is prone to an insecure key
generation vulnerability.

Vulnerability Insight:
The security issues are due to:

- a tool that starts a key generation with the public exponent set to 1, an
invalid value that causes an insecure RSA key.

- a PKCS#11 module that accepts this public exponent and forwards it
to the card.

- a card that accepts the public exponent and generates the RSA key.

Vulnerability Impact:
Successful exploitation will allow an attacker to obtain sensitive
information or gain unauthorized access to the smartcard.

Affected Software/OS:
OpenSC versions prior to 0.11.8 on Linux.

Solution:
Upgrade to OpenSC version 0.11.8 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N

Cross-Reference:
BugTraq ID: 34884
Common Vulnerability Exposure (CVE) ID: CVE-2009-1603
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01432.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01420.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00095.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00097.html
http://security.gentoo.org/glsa/glsa-200908-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:123
http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html
http://www.openwall.com/lists/oss-security/2009/05/08/1
http://secunia.com/advisories/35035
http://secunia.com/advisories/35293
http://secunia.com/advisories/35309
http://secunia.com/advisories/36074
http://www.vupen.com/english/advisories/2009/1295
Copyright: Copyright (C) 2009 SecPod

© 1998-2020 E-Soft Inc. All rights reserved.