|
|
Subscribe / Log in / New account

opensc: insufficient access restrictions

Package(s):opensc CVE #(s):CVE-2009-0368
Created:March 19, 2009 Updated:June 1, 2009
Description: opensc has a vulnerability involving insufficient access restrictions on private data. From the Red Hat alert:

OpenSC stores private data without proper access restrictions. User "b.badrignans" reported this security problem on December 4th, 2008. In June 2007 support form private data objects was added to OpenSC. Only later a severe security bug was found out: while the OpenSC PKCS#11 implementation requires PIN verification to access the data, low level APDU commands or debugging tools like opensc-explorer or opensc-tool can access the private data without any authentication. This was fixed in OpenSC 0.11.7.

Alerts:
SuSE SUSE-SR:2009:010 firefox apport evolution freetype2 java_1_4_2-ibm kdegraphics3 libopenssl libsoup xulrunner opensc python-crypto unbound xpdf 2009-05-12
Mandriva MDVSA-2009:089 opensc 2009-04-09
Fedora FEDORA-2009-2266 opensc 2009-03-03
Fedora FEDORA-2009-2267 opensc 2009-03-03
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds