Anfälligkeitssuche        Suche in 187964 CVE Beschreibungen
und 85075 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.800370
Kategorie:Privilege escalation
Titel:OpenSC < 0.11.7 Security Bypass Vulnerability
Zusammenfassung:This host is installed with OpenSC and is prone to a security bypass; vulnerability.
Beschreibung:Summary:
This host is installed with OpenSC and is prone to a security bypass
vulnerability.

Vulnerability Insight:
Security issue due to OpenSC incorrectly initializing private data objects.
This can be exploited to access data objects which are intended to be
private through low level APDU commands or debugging tool.

Vulnerability Impact:
Successful exploitation will allow an attacker to access data objects
which are intended to be private.

Affected Software/OS:
OpenSC version prior to 0.11.7 on Linux.

Solution:
Upgrade to OpenSC version 0.11.7.

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N

Querverweis: BugTraq ID: 33922
Common Vulnerability Exposure (CVE) ID: CVE-2009-0368
http://www.securityfocus.com/bid/33922
Debian Security Information: DSA-1734 (Google Search)
http://www.debian.org/security/2009/dsa-1734
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00673.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html
http://security.gentoo.org/glsa/glsa-200908-01.xml
http://www.opensc-project.org/pipermail/opensc-announce/2009-February/000023.html
http://openwall.com/lists/oss-security/2009/02/26/1
http://secunia.com/advisories/34052
http://secunia.com/advisories/34120
http://secunia.com/advisories/34362
http://secunia.com/advisories/34377
http://secunia.com/advisories/35065
http://secunia.com/advisories/36074
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
XForce ISS Database: opensc-pkcs-unauth-access(48958)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48958
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

Dies ist nur einer von 85075 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.