OpenSC Security Bypass Vulnerability Network Vulnerability

Summary

This host is installed with OpenSC and is prone to security bypass vulnerability.

Impact

Successful exploitation will allow attacker to access data objects which are intended to be private. Impact Level: Application

Solution

Upgrade to OpenSC version 0.11.7 http://www.opensc-project.org/files/opensc

Insight

Security issue due to OpenSC incorrectly initializing private data objects. This can be exploited to access data objects which are intended to be private through low level APDU commands or debugging tool.

Affected

OpenSC version prior to 0.11.7 on Linux.

References

http://secunia.com/advisories/34052
http://www.opensc-project.org/pipermail/opensc-announce/2009-February/000023.html
http://xforce.iss.net/xforce/xfdb/48958

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0368
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Bournal Privilege Escalation Vulnerability
OpenSC Security Bypass Vulnerability
McAfee VirusScan Enterprise Privilege Escalation Vulnerability (Windows)
Apache <= 1.3.33 htpasswd local overflow

Take action and discover your vulnerabilities