OpenSC Incorrect RSA Keys Generation Vulnerability Network Vulnerability

Summary

This host is installed with OpenSC and is prone to Insecure Key Generation vulnerability.

Impact

Successful exploitation will allow attacker to obtain the sensitive information or gain unauthorized access to the smartcard. Impact Level: Application

Solution

Upgrade to OpenSC version 0.11.8 http://www.opensc-project.org/files/opensc

Insight

Security issues are due to, - a tool that starts a key generation with public exponent set to 1, an invalid value that causes an insecure RSA key. - a PKCS#11 module that accepts that this public exponent and forwards it to the card. - a card that accepts the public exponent and generates the rsa key.

Affected

OpenSC version prior to 0.11.8 on Linux.

References

http://secunia.com/advisories/35035
http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html
http://www.vupen.com/english/advisories/2009/1295

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1603
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Intel Desktop Boards SMM Local Privilege Escalation Vulnerability (Linux)
Avaya P330 Stackable Switch found with default password
OpenSC Incorrect RSA Keys Generation Vulnerability
VMware Tools Local Privilege Escalation Vulnerability (Linux)
Ziproxy Security Bypass Vulnerability

Take action and discover your vulnerabilities