
Test ID: 1.3.6.1.4.1.25623.1.1.10.2019.0019
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2019-0019)
Summary: The remote host is missing an update for the 'opensc' package(s) announced via the MGASA-2019-0019 advisory.
Description:
Summary:
The remote host is missing an update for the 'opensc' package(s) announced via the MGASA-2019-0019 advisory.

Vulnerability Insight:
Several buffer overflows when handling responses from a Muscle Card in
muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1
could be used by attackers able to supply crafted smartcards to cause a
denial of service (application crash) or possibly have unspecified other
impact (CVE-2018-16391).

Several buffer overflows when handling responses from a TCOS Card in
tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1
could be used by attackers able to supply crafted smartcards to cause a
denial of service (application crash) or possibly have unspecified other
impact (CVE-2018-16392).

Several buffer overflows when handling responses from a Gemsafe V1
Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in
OpenSC before 0.19.0-rc1 could be used by attackers able to supply
crafted smartcards to cause a denial of service (application crash) or
possibly have unspecified other impact (CVE-2018-16393).

A buffer overflow when handling string concatenation in util_acl_to_str
in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers
able to supply crafted smartcards to cause a denial of service
(application crash) or possibly have unspecified other impact
(CVE-2018-16418).

Several buffer overflows when handling responses from a Cryptoflex card
in read_public_key in tools/cryptoflex-tool.c in OpenSC before
0.19.0-rc1 could be used by attackers able to supply crafted smartcards
to cause a denial of service (application crash) or possibly have
unspecified other impact (CVE-2018-16419).

Several buffer overflows when handling responses from an ePass 2003 Card
in decrypt_response in libopensc/card-epass2003.c in OpenSC before
0.19.0-rc1 could be used by attackers able to supply crafted smartcards
to cause a denial of service (application crash) or possibly have
unspecified other impact (CVE-2018-16420).

Several buffer overflows when handling responses from a CAC Card in
cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before
0.19.0-rc1 could be used by attackers able to supply crafted smartcards
to cause a denial of service (application crash) or possibly have
unspecified other impact (CVE-2018-16421).

A single byte buffer overflow when handling responses from an esteid
Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC
before 0.19.0-rc1 could be used by attackers able to supply crafted
smartcards to cause a denial of service (application crash) or possibly
have unspecified other impact (CVE-2018-16422).

A double free when handling responses from a smartcard in
sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could
be used by attackers able to supply crafted smartcards to cause a denial
of service (application crash) or possibly have unspecified other impact
(CVE-2018-16423).

A double free when handling responses in read_file in
tools/egk-tool.c (aka the eGK card tool) ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'opensc' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2018-16391
https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-477b7a40136bb418b10ce271c8664536
https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1
https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html
RedHat Security Advisories: RHSA-2019:2154
https://access.redhat.com/errata/RHSA-2019:2154
Common Vulnerability Exposure (CVE) ID: CVE-2018-16392
https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-b2a356323a9ff2024d041cf2d7e89dd3
Common Vulnerability Exposure (CVE) ID: CVE-2018-16393
https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad
Common Vulnerability Exposure (CVE) ID: CVE-2018-16418
https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-628c8445c4e7ae92bbc4be08ba11a4c3
Common Vulnerability Exposure (CVE) ID: CVE-2018-16419
https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-a6074523a9cbd875e26c58e20868fb15
Common Vulnerability Exposure (CVE) ID: CVE-2018-16420
https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-b36536074d13447fbbec061e0e64d15d
Common Vulnerability Exposure (CVE) ID: CVE-2018-16421
https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-848b13147a344ba2c6361d91ca77feb1
Common Vulnerability Exposure (CVE) ID: CVE-2018-16422
https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d64c08c80437cf0006ada91e50f20ba0
Common Vulnerability Exposure (CVE) ID: CVE-2018-16423
https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-db0cd89ff279ad8c7b3bb780cdf2770a
Common Vulnerability Exposure (CVE) ID: CVE-2018-16424
https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-476b3b2a03c4eef331b4b0bfece4b063
Common Vulnerability Exposure (CVE) ID: CVE-2018-16425
https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d643a0fa169471dbf2912f4866dc49c5
Common Vulnerability Exposure (CVE) ID: CVE-2018-16426
https://github.com/OpenSC/OpenSC/commit/03628449b75a93787eb2359412a3980365dda49b#diff-f8c0128e14031ed9307d47f10f601b54
Common Vulnerability Exposure (CVE) ID: CVE-2018-16427
https://github.com/OpenSC/OpenSC/pull/1447/commits/8fe377e93b4b56060e5bbfb6f3142ceaeca744fa
Copyright: Copyright (C) 2022 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.