Executive Summary

Informations
Name MDVSA-2009:123 First vendor Publication 2009-05-27
Vendor Mandriva Last vendor Modification 2009-05-27
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted (CVE-2009-1603).

The updated packages fix the issue.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:123

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-37 Lifting Data Embedded in Client Distributions
CAPEC-65 Passively Sniff and Capture Application Code Bound for Authorized Client
CAPEC-117 Data Interception Attacks
CAPEC-155 Screen Temporary Files for Sensitive Information
CAPEC-157 Sniffing Attacks
CAPEC-167 Lifting Sensitive Data from the Client
CAPEC-204 Lifting cached, sensitive data embedded in client distributions (thick or thin)
CAPEC-205 Lifting credential(s)/key material embedded in client distributions (thick or...
CAPEC-258 Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...
CAPEC-259 Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...
CAPEC-260 Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-312 Cleartext Storage of Sensitive Information

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 3

OpenVAS Exploits

Date Description
2009-08-17 Name : Gentoo Security Advisory GLSA 200908-01 (opensc)
File : nvt/glsa_200908_01.nasl
2009-06-05 Name : Fedora Core 10 FEDORA-2009-4928 (mingw32-opensc)
File : nvt/fcore_2009_4928.nasl
2009-06-05 Name : Fedora Core 11 FEDORA-2009-4967 (mingw32-opensc)
File : nvt/fcore_2009_4967.nasl
2009-06-05 Name : Mandrake Security Advisory MDVSA-2009:123 (opensc)
File : nvt/mdksa_2009_123.nasl
2009-05-20 Name : OpenSC Incorrect RSA Keys Generation Vulnerability
File : nvt/secpod_opensc_insecure_key_generation_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
54499 OpenSC pkcs11-tool src/tools/pkcs11-tool.c RSA Key Public Exponent Generation...

Nessus® Vulnerability Scanner

Date Description
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-123.nasl - Type : ACT_GATHER_INFO
2009-08-03 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200908-01.nasl - Type : ACT_GATHER_INFO
2009-06-03 Name : The remote Fedora host is missing a security update.
File : fedora_2009-4928.nasl - Type : ACT_GATHER_INFO
2009-06-03 Name : The remote Fedora host is missing a security update.
File : fedora_2009-4967.nasl - Type : ACT_GATHER_INFO
2009-06-01 Name : The remote Fedora host is missing a security update.
File : fedora_2009-4883.nasl - Type : ACT_GATHER_INFO
2009-06-01 Name : The remote Fedora host is missing a security update.
File : fedora_2009-4919.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:40:19
  • Multiple Updates