Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2009:123 | First vendor Publication | 2009-05-27 |
Vendor | Mandriva | Last vendor Modification | 2009-05-27 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted (CVE-2009-1603). The updated packages fix the issue. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:123 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
CAPEC-37 | Lifting Data Embedded in Client Distributions |
CAPEC-65 | Passively Sniff and Capture Application Code Bound for Authorized Client |
CAPEC-117 | Data Interception Attacks |
CAPEC-155 | Screen Temporary Files for Sensitive Information |
CAPEC-157 | Sniffing Attacks |
CAPEC-167 | Lifting Sensitive Data from the Client |
CAPEC-204 | Lifting cached, sensitive data embedded in client distributions (thick or thin) |
CAPEC-205 | Lifting credential(s)/key material embedded in client distributions (thick or... |
CAPEC-258 | Passively Sniffing and Capturing Application Code Bound for an Authorized Cli... |
CAPEC-259 | Passively Sniffing and Capturing Application Code Bound for an Authorized Cli... |
CAPEC-260 | Passively Sniffing and Capturing Application Code Bound for an Authorized Cli... |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-312 | Cleartext Storage of Sensitive Information |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Os | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2009-08-17 | Name : Gentoo Security Advisory GLSA 200908-01 (opensc) File : nvt/glsa_200908_01.nasl |
2009-06-05 | Name : Fedora Core 10 FEDORA-2009-4928 (mingw32-opensc) File : nvt/fcore_2009_4928.nasl |
2009-06-05 | Name : Fedora Core 11 FEDORA-2009-4967 (mingw32-opensc) File : nvt/fcore_2009_4967.nasl |
2009-06-05 | Name : Mandrake Security Advisory MDVSA-2009:123 (opensc) File : nvt/mdksa_2009_123.nasl |
2009-05-20 | Name : OpenSC Incorrect RSA Keys Generation Vulnerability File : nvt/secpod_opensc_insecure_key_generation_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54499 | OpenSC pkcs11-tool src/tools/pkcs11-tool.c RSA Key Public Exponent Generation... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-123.nasl - Type : ACT_GATHER_INFO |
2009-08-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200908-01.nasl - Type : ACT_GATHER_INFO |
2009-06-03 | Name : The remote Fedora host is missing a security update. File : fedora_2009-4928.nasl - Type : ACT_GATHER_INFO |
2009-06-03 | Name : The remote Fedora host is missing a security update. File : fedora_2009-4967.nasl - Type : ACT_GATHER_INFO |
2009-06-01 | Name : The remote Fedora host is missing a security update. File : fedora_2009-4883.nasl - Type : ACT_GATHER_INFO |
2009-06-01 | Name : The remote Fedora host is missing a security update. File : fedora_2009-4919.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:40:19 |
|