Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21626
HistoryApr 12, 2009 - 12:00 a.m.

[ MDVSA-2009:089 ] opensc

2009-04-1200:00:00
vulners.com
9
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2009:089
http://www.mandriva.com/security/

Package : opensc
Date : April 9, 2009
Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0

Problem Description:

OpenSC before 0.11.7 allows physically proximate attackers to bypass
intended PIN requirements and read private data objects via a (1) low
level APDU command or (2) debugging tool, as demonstrated by reading
the 4601 or 4701 file with the opensc-explorer or opensc-tool program.

The updated packages fix the issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0368

Updated Packages:

Mandriva Linux 2008.0:
5f239515eac39547b0c9f41c6fa73411 2008.0/i586/libopensc2-0.11.3-2.2mdv2008.0.i586.rpm
25444defa5ae336f6053135299686612 2008.0/i586/libopensc-devel-0.11.3-2.2mdv2008.0.i586.rpm
98a08ef44e9284dc53982e232dbcbd6f 2008.0/i586/mozilla-plugin-opensc-0.11.3-2.2mdv2008.0.i586.rpm
017d9c1dbc1c064a7aaadd5a63d7a496 2008.0/i586/opensc-0.11.3-2.2mdv2008.0.i586.rpm
c85bf396c067679cb6c312a1a34498db 2008.0/SRPMS/opensc-0.11.3-2.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
ff3a14e7ceb98e30edfd56443c0829d0 2008.0/x86_64/lib64opensc2-0.11.3-2.2mdv2008.0.x86_64.rpm
9ffad75feeeb3e9edf4ea7c0a3123ec9 2008.0/x86_64/lib64opensc-devel-0.11.3-2.2mdv2008.0.x86_64.rpm
9134f93d7faeaa3d672e42d107068fbc 2008.0/x86_64/mozilla-plugin-opensc-0.11.3-2.2mdv2008.0.x86_64.rpm
23660b061c276ec1ed2a77c60a191229 2008.0/x86_64/opensc-0.11.3-2.2mdv2008.0.x86_64.rpm
c85bf396c067679cb6c312a1a34498db 2008.0/SRPMS/opensc-0.11.3-2.2mdv2008.0.src.rpm

Mandriva Linux 2008.1:
8cb99452e878b5f371f592f22e28f12d 2008.1/i586/libopensc2-0.11.3-2.2mdv2008.1.i586.rpm
f3112256e1fa360eb29e890b530d73dd 2008.1/i586/libopensc-devel-0.11.3-2.2mdv2008.1.i586.rpm
70747b6fefb3792e7ef43c99b3e6fd76 2008.1/i586/mozilla-plugin-opensc-0.11.3-2.2mdv2008.1.i586.rpm
f816da7b83e65909776040c9ae93a456 2008.1/i586/opensc-0.11.3-2.2mdv2008.1.i586.rpm
028a72bb7eeb49cbd8b5af3f80bdcecc 2008.1/SRPMS/opensc-0.11.3-2.2mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
839774a8b6765ef0a1db6a80187e44cc 2008.1/x86_64/lib64opensc2-0.11.3-2.2mdv2008.1.x86_64.rpm
1292b5f9b985155c45d017c9d491d979 2008.1/x86_64/lib64opensc-devel-0.11.3-2.2mdv2008.1.x86_64.rpm
18b47407a2ef4e0bda7c79eef0055ba3 2008.1/x86_64/mozilla-plugin-opensc-0.11.3-2.2mdv2008.1.x86_64.rpm
92489f4d1be33ac711de922e84f5847d 2008.1/x86_64/opensc-0.11.3-2.2mdv2008.1.x86_64.rpm
028a72bb7eeb49cbd8b5af3f80bdcecc 2008.1/SRPMS/opensc-0.11.3-2.2mdv2008.1.src.rpm

Mandriva Linux 2009.0:
3c873d88bfc728f3c6e566bb27caa60a 2009.0/i586/libopensc2-0.11.7-0.1mdv2009.0.i586.rpm
12259488d9315c8e9a85e38259b3e4ae 2009.0/i586/libopensc-devel-0.11.7-0.1mdv2009.0.i586.rpm
543095148af4a557a7e4c8f0674cb651 2009.0/i586/mozilla-plugin-opensc-0.11.7-0.1mdv2009.0.i586.rpm
b97aa305b656629979bf64aea14bb595 2009.0/i586/opensc-0.11.7-0.1mdv2009.0.i586.rpm
391234fd292dbbe9c9cf0bae990ca961 2009.0/SRPMS/opensc-0.11.7-0.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
44a05f6ad6ff9913422b1fdb79c61745 2009.0/x86_64/lib64opensc2-0.11.7-0.1mdv2009.0.x86_64.rpm
33960dc36d0db21e71ce6693fb52915e 2009.0/x86_64/lib64opensc-devel-0.11.7-0.1mdv2009.0.x86_64.rpm
37aa2c61aa7ff43e9a0d48d69e082169 2009.0/x86_64/mozilla-plugin-opensc-0.11.7-0.1mdv2009.0.x86_64.rpm
6b906a1e884c002eb91cb744b1c70290 2009.0/x86_64/opensc-0.11.7-0.1mdv2009.0.x86_64.rpm
391234fd292dbbe9c9cf0bae990ca961 2009.0/SRPMS/opensc-0.11.7-0.1mdv2009.0.src.rpm

Corporate 4.0:
710b784731ba6ce9e2f7474d5190a864 corporate/4.0/i586/libopensc2-0.10.1-2.2.20060mlcs4.i586.rpm
68cbe67c1a03defb2f0e80aa738b808e corporate/4.0/i586/libopensc2-devel-0.10.1-2.2.20060mlcs4.i586.rpm
5735d95135f72f10f0e26453afd25080 corporate/4.0/i586/mozilla-plugin-opensc-0.10.1-2.2.20060mlcs4.i586.rpm
91502589d130ad3b5cb347804286a5da corporate/4.0/i586/opensc-0.10.1-2.2.20060mlcs4.i586.rpm
a6db7e426ac61da00de18480b00f360c corporate/4.0/SRPMS/opensc-0.10.1-2.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
4d17dddf9cf837593ded74d5707e6227 corporate/4.0/x86_64/lib64opensc2-0.10.1-2.2.20060mlcs4.x86_64.rpm
88cd0ade0e38454db2aad29a19ba9418 corporate/4.0/x86_64/lib64opensc2-devel-0.10.1-2.2.20060mlcs4.x86_64.rpm
33732581d211c93a5793e860222b7042 corporate/4.0/x86_64/mozilla-plugin-opensc-0.10.1-2.2.20060mlcs4.x86_64.rpm
41c99e7b2d5d6da50872aedb1d5b3501 corporate/4.0/x86_64/opensc-0.10.1-2.2.20060mlcs4.x86_64.rpm
a6db7e426ac61da00de18480b00f360c corporate/4.0/SRPMS/opensc-0.10.1-2.2.20060mlcs4.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ3n4AmqjQ0CJFipgRAv5sAJ904FF0NsEQBEum8/vpzfTKtfxTEgCgvSwi
KP+gV5439hIBiqh2qQi8gVg=
=TJ3g
-----END PGP SIGNATURE-----

Related

nessus 10
prion 1
fedora 4
openvas 21
debian 1
securityvulns 1
cve 1
debiancve 1
redhatcve 1
ubuntucve 1
gentoo 1
nessus
nessus
Mandriva Linux Security Advisory : opensc (MDVSA-2009:089)
2009-04-23 00:00:00
Fedora 10 : opensc-0.11.7-1.fc10 (2009-2266)
2009-04-23 00:00:00
SuSE 10 Security Update : OpenSC (ZYPP Patch Number 6053)
2009-09-24 00:00:00
prion
prion
Code injection
2009-03-02 22:30:00
fedora
fedora
[SECURITY] Fedora 10 Update: opensc-0.11.7-1.fc10
2009-03-18 19:01:49
[SECURITY] Fedora 10 Update: opensc-0.11.8-1.fc10
2009-05-30 02:29:15
[SECURITY] Fedora 9 Update: opensc-0.11.8-1.fc9
2009-05-30 02:30:33
openvas
openvas
Fedora Core 10 FEDORA-2009-4919 (opensc)
2009-06-05 00:00:00
Fedora Core 10 FEDORA-2009-2266 (opensc)
2009-03-20 00:00:00
Mandrake Security Advisory MDVSA-2009:089 (opensc)
2009-04-15 00:00:00
debian
debian
[SECURITY] [DSA 1734-1] New opensc packages fix information disclosure
2009-03-05 08:57:51
securityvulns
securityvulns
OpenSC protection bypass
2009-04-12 00:00:00
cve
cve
CVE-2009-0368
2009-03-02 22:30:00
debiancve
debiancve
CVE-2009-0368
2009-03-02 22:30:00
redhatcve
redhatcve
CVE-2009-0368
2019-10-04 21:12:14
ubuntucve
ubuntucve
CVE-2009-0368
2009-03-02 00:00:00
gentoo
gentoo
OpenSC: Multiple vulnerabilities
2009-08-01 00:00:00
JSON
Related for SECURITYVULNS:DOC:21626
nessus10prion1fedora4openvas21debian1securityvulns1cve1debiancve1redhatcve1ubuntucve1gentoo1