Executive Summary
| Summary | |
|---|---|
| Title | OpenSC: Arbitrary code execution |
| Informations | |||
|---|---|---|---|
| Name | GLSA-201401-18 | First vendor Publication | 2014-01-21 |
| Vendor | Gentoo | Last vendor Modification | 2014-01-21 |
| Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Synopsis Multiple stack-based buffer overflows have been found in OpenSC, allowing attackers to execute arbitrary code. Background Description Impact Workaround Resolution Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages. References Availability http://security.gentoo.org/glsa/glsa-201401-18.xml |
Original Source
| Url : http://security.gentoo.org/glsa/glsa-201401-18.xml |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-02-01 | Name : OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities (Win) File : nvt/secpod_opensc_mult_bof_vuln_win.nasl |
| 2011-01-21 | Name : Mandriva Update for opensc MDVSA-2011:011 (opensc) File : nvt/gb_mandriva_MDVSA_2011_011.nasl |
| 2011-01-11 | Name : Fedora Update for opensc FEDORA-2010-19192 File : nvt/gb_fedora_2010_19192_opensc_fc14.nasl |
| 2011-01-11 | Name : Fedora Update for opensc FEDORA-2010-19193 File : nvt/gb_fedora_2010_19193_opensc_fc13.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 70168 | OpenSC libopensc Smart Card Serial Number Field Multiple Function Overflows libopensc in OpenSC is prone to an overflow condition. The 'acos_get_serialnr()', 'acos5_get_serialnr()' and 'starcos_get_serialnr()' functions fail to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted smart card, a physically present attacker can potentially execute arbitrary code. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libopensc2-101222.nasl - Type : ACT_GATHER_INFO |
| 2014-01-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-18.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libopensc2-101222.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libopensc2-101222.nasl - Type : ACT_GATHER_INFO |
| 2011-01-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-011.nasl - Type : ACT_GATHER_INFO |
| 2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopensc2-101222.nasl - Type : ACT_GATHER_INFO |
| 2011-01-04 | Name : The remote Fedora host is missing a security update. File : fedora_2010-19192.nasl - Type : ACT_GATHER_INFO |
| 2011-01-04 | Name : The remote Fedora host is missing a security update. File : fedora_2010-19193.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:38:03 |
|
| 2014-01-21 21:19:40 |
|
