Buffer overflow : OpenSC < 0.12.0 Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.901175

Categoría: Buffer overflow

Título: OpenSC < 0.12.0 Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities - Windows

Resumen: OpenSC is prone to multiple buffer overflow vulnerabilities.

Descripción: Summary:
OpenSC is prone to multiple buffer overflow vulnerabilities.

Vulnerability Insight:
The flaws are due to boundary errors in the 'acos_get_serialnr()',
'acos5_get_serialnr()', and 'starcos_get_serialnr()' functions when reading
out the serial number of smart cards.

Vulnerability Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code in the context of the application. Failed attacks will cause denial
of service conditions.

Affected Software/OS:
OpenSC version 0.11.13 and prior.

Solution:
Upgrade to OpenSC 0.12.0 or later.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4523
42658
http://secunia.com/advisories/42658
42807
http://secunia.com/advisories/42807
43068
http://secunia.com/advisories/43068
45435
http://www.securityfocus.com/bid/45435
ADV-2011-0009
http://www.vupen.com/english/advisories/2011/0009
ADV-2011-0109
http://www.vupen.com/english/advisories/2011/0109
ADV-2011-0212
http://www.vupen.com/english/advisories/2011/0212
FEDORA-2010-19192
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052796.html
FEDORA-2010-19193
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052777.html
MDVSA-2011:011
http://www.mandriva.com/security/advisories?name=MDVSA-2011:011
SUSE-SR:2011:002
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
[oss-security] 20101221 CVE request: opensc buffer overflow
http://openwall.com/lists/oss-security/2010/12/21/2
[oss-security] 20101222 Re: CVE request: opensc buffer overflow
http://openwall.com/lists/oss-security/2010/12/22/3
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427
http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf
http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483
https://bugzilla.redhat.com/show_bug.cgi?id=664831
https://www.opensc-project.org/opensc/changeset/4913

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.901175
Categoría:	Buffer overflow
Título:	OpenSC < 0.12.0 Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities - Windows
Resumen:	OpenSC is prone to multiple buffer overflow vulnerabilities.
Descripción:	Summary: OpenSC is prone to multiple buffer overflow vulnerabilities. Vulnerability Insight: The flaws are due to boundary errors in the 'acos_get_serialnr()', 'acos5_get_serialnr()', and 'starcos_get_serialnr()' functions when reading out the serial number of smart cards. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial of service conditions. Affected Software/OS: OpenSC version 0.11.13 and prior. Solution: Upgrade to OpenSC 0.12.0 or later. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4523 42658 http://secunia.com/advisories/42658 42807 http://secunia.com/advisories/42807 43068 http://secunia.com/advisories/43068 45435 http://www.securityfocus.com/bid/45435 ADV-2011-0009 http://www.vupen.com/english/advisories/2011/0009 ADV-2011-0109 http://www.vupen.com/english/advisories/2011/0109 ADV-2011-0212 http://www.vupen.com/english/advisories/2011/0212 FEDORA-2010-19192 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052796.html FEDORA-2010-19193 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052777.html MDVSA-2011:011 http://www.mandriva.com/security/advisories?name=MDVSA-2011:011 SUSE-SR:2011:002 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html [oss-security] 20101221 CVE request: opensc buffer overflow http://openwall.com/lists/oss-security/2010/12/21/2 [oss-security] 20101222 Re: CVE request: opensc buffer overflow http://openwall.com/lists/oss-security/2010/12/22/3 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427 http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483 https://bugzilla.redhat.com/show_bug.cgi?id=664831 https://www.opensc-project.org/opensc/changeset/4913
Copyright	Copyright (C) 2011 Greenbone AG