SB2018111004 - OpenSUSE Linux update for opensc

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018111004

SB2018111004 - OpenSUSE Linux update for opensc

Published: November 10, 2018 Updated: November 10, 2018

Security Bulletin ID SB2018111004
Severity
Medium
Patch available
YES
Number of vulnerabilities 13
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 8% Low 92%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 13 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2018-16391)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to boundary error when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c. A remote unauthenticated attacker can supply specially crafted smartcards, trigger memory corruption and cause the application to crash.


2) Buffer overflow (CVE-ID: CVE-2018-16392)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to boundary error when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c. A remote unauthenticated attacker can supply specially crafted smartcards, trigger memory corruption and cause the application to crash.


3) Buffer overflow (CVE-ID: CVE-2018-16393)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to boundary error when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c. A remote unauthenticated attacker can supply specially crafted smartcards, trigger memory corruption and cause the application to crash.


4) Buffer overflow (CVE-ID: CVE-2018-16418)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to boundary error when handling string concatenation in util_acl_to_str in tools/util.c. A remote unauthenticated attacker can supply specially crafted smartcards, trigger memory corruption and cause the application to crash.


5) Buffer overflow (CVE-ID: CVE-2018-16419)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to boundary error when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c. A remote unauthenticated attacker can supply specially crafted smartcards, trigger memory corruption and cause the application to crash.


6) Buffer overflow (CVE-ID: CVE-2018-16420)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to boundary error when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c. A remote unauthenticated attacker can supply specially crafted smartcards, trigger memory corruption and cause the application to crash.


7) Buffer overflow (CVE-ID: CVE-2018-16421)

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c. A local attacker can create a specially crafted smartcards, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


8) Buffer overflow (CVE-ID: CVE-2018-16422)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c. A remote unauthenticated attacker can supply specially crafted smartcards, trigger memory corruption and cause the application to crash.


9) Double-free error (CVE-ID: CVE-2018-16423)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to double-free error when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c. A remote unauthenticated attacker can supply specially crafted smartcards, trigger memory corruption and cause the application to crash.


10) Double free error (CVE-ID: CVE-2018-16424)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to boundary error when the read_file() function, as defined in the src/tools/egk-tool.c source code file, is used. A remote attacker can supply a specially crafted smart card, trigger a double-free memory error and cause the service to crash.


11) Double Free (CVE-ID: CVE-2018-16425)

The vulnerability allows a local authenticated user to execute arbitrary code.

A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.


12) Endless recursion (CVE-ID: CVE-2018-16426)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c. A remote unauthenticated attacker can supply specially crafted smartcards to hang or crash the opensc library using programs.


13) Out-of-bounds read (CVE-ID: CVE-2018-16427)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to out-of-bounds read when handling responses. A remote unauthenticated attacker can supply specially crafted smartcards to crash the opensc library using programs.


Remediation

Install update from vendor's website.

References