Executive Summary

Informations
Name CVE-2009-1603 First vendor Publication 2009-05-11
Vendor Cve Last vendor Modification 2009-08-08

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1603

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-37 Lifting Data Embedded in Client Distributions
CAPEC-65 Passively Sniff and Capture Application Code Bound for Authorized Client
CAPEC-117 Data Interception Attacks
CAPEC-155 Screen Temporary Files for Sensitive Information
CAPEC-157 Sniffing Attacks
CAPEC-167 Lifting Sensitive Data from the Client
CAPEC-204 Lifting cached, sensitive data embedded in client distributions (thick or thin)
CAPEC-205 Lifting credential(s)/key material embedded in client distributions (thick or...
CAPEC-258 Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...
CAPEC-259 Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...
CAPEC-260 Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-310 Cryptographic Issues

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

OpenVAS Exploits

Date Description
2009-08-17 Name : Gentoo Security Advisory GLSA 200908-01 (opensc)
File : nvt/glsa_200908_01.nasl
2009-06-05 Name : Fedora Core 10 FEDORA-2009-4928 (mingw32-opensc)
File : nvt/fcore_2009_4928.nasl
2009-06-05 Name : Fedora Core 11 FEDORA-2009-4967 (mingw32-opensc)
File : nvt/fcore_2009_4967.nasl
2009-06-05 Name : Mandrake Security Advisory MDVSA-2009:123 (opensc)
File : nvt/mdksa_2009_123.nasl
2009-05-20 Name : OpenSC Incorrect RSA Keys Generation Vulnerability
File : nvt/secpod_opensc_insecure_key_generation_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
54499 OpenSC pkcs11-tool src/tools/pkcs11-tool.c RSA Key Public Exponent Generation...

Nessus® Vulnerability Scanner

Date Description
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-123.nasl - Type : ACT_GATHER_INFO
2009-08-03 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200908-01.nasl - Type : ACT_GATHER_INFO
2009-06-03 Name : The remote Fedora host is missing a security update.
File : fedora_2009-4928.nasl - Type : ACT_GATHER_INFO
2009-06-03 Name : The remote Fedora host is missing a security update.
File : fedora_2009-4967.nasl - Type : ACT_GATHER_INFO
2009-06-01 Name : The remote Fedora host is missing a security update.
File : fedora_2009-4883.nasl - Type : ACT_GATHER_INFO
2009-06-01 Name : The remote Fedora host is missing a security update.
File : fedora_2009-4919.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
FEDORA https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00095.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00097.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01420.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01432.html
GENTOO http://security.gentoo.org/glsa/glsa-200908-01.xml
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2009:123
MLIST http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html
http://www.openwall.com/lists/oss-security/2009/05/08/1
SECUNIA http://secunia.com/advisories/35035
http://secunia.com/advisories/35293
http://secunia.com/advisories/35309
http://secunia.com/advisories/36074
VUPEN http://www.vupen.com/english/advisories/2009/1295

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
Date Informations
2021-05-04 12:09:32
  • Multiple Updates
2021-04-22 01:09:53
  • Multiple Updates
2020-05-23 00:23:45
  • Multiple Updates
2016-04-26 18:48:54
  • Multiple Updates
2014-02-17 10:49:59
  • Multiple Updates
2013-05-10 23:50:02
  • Multiple Updates