Test ID:	1.3.6.1.4.1.25623.1.0.900639
Category:	Privilege escalation
Title:	OpenSC < 0.11.8 Incorrect RSA Keys Generation Vulnerability
Summary:	OpenSC is prone to an insecure key generation vulnerability.
Description:	Summary: OpenSC is prone to an insecure key generation vulnerability. Vulnerability Insight: Security issues are due to: - a tool that starts a key generation with public exponent set to 1, an invalid value that causes an insecure RSA key. - a PKCS#11 module that accepts that this public exponent and forwards it to the card. - a card that accepts the public exponent and generates the rsa key. Vulnerability Impact: Successful exploitation will allow attacker to obtain the sensitive information or gain unauthorized access to the smartcard. Affected Software/OS: OpenSC version prior to 0.11.8 on Linux. Solution: Upgrade to OpenSC version 0.11.8 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1603 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01432.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01420.html https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00095.html https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00097.html http://security.gentoo.org/glsa/glsa-200908-01.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:123 http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html http://www.openwall.com/lists/oss-security/2009/05/08/1 http://secunia.com/advisories/35035 http://secunia.com/advisories/35293 http://secunia.com/advisories/35309 http://secunia.com/advisories/36074 http://www.vupen.com/english/advisories/2009/1295
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.