Scientific Linux Security Update : opensc on SL7.x x86_64 (20190806)

medium Nessus Plugin ID 128245

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

The following packages have been upgraded to a later upstream version:
opensc (0.19.0).

Security Fix(es) :

- opensc: Buffer overflows handling responses from Muscle Cards in card- muscle.c:muscle_list_files() (CVE-2018-16391)

- opensc: Buffer overflows handling responses from TCOS Cards in card- tcos.c:tcos_select_file() (CVE-2018-16392)

- opensc: Buffer overflows handling responses from Gemsafe V1 Smartcards in pkcs15-gemsafeV1.c:gemsafe_get_cert_len() (CVE-2018-16393)

- opensc: Buffer overflow handling string concatention in tools/util.c:util_acl_to_str() (CVE-2018-16418)

- opensc: Buffer overflow handling responses from Cryptoflex cards in cryptoflex-tool.c:read_public_key() (CVE-2018-16419)

- opensc: Buffer overflows handling responses from ePass 2003 Cards in card-epass2003.c:decrypt_response() (CVE-2018-16420)

- opensc: Buffer overflows handling responses from CAC Cards in card- cac.c:cac_get_serial_nr_from_CUID() (CVE-2018-16421)

- opensc: Buffer overflow handling responses from esteid cards in pkcs15-esteid.c:sc_pkcs15emu_esteid_init() (CVE-2018-16422)

- opensc: Double free handling responses from smartcards in libopensc/sc.c:sc_file_set_sec_attr() (CVE-2018-16423)

- opensc: Out of bounds reads handling responses from smartcards (CVE-2018-16427)

- opensc: Infinite recusrion handling responses from IAS-ECC cards in card-iasecc.c:iasecc_select_file() (CVE-2018-16426)

Solution

Update the affected opensc and / or opensc-debuginfo packages.

See Also

http://www.nessus.org/u?690bc3a0

Plugin Details

Severity: Medium

ID: 128245

File Name: sl_20190806_opensc_on_SL7_x.nasl

Version: 1.5

Type: local

Agent: unix

Published: 8/27/2019

Updated: 5/1/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-16423

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 6.1

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2018-16393

Vulnerability Information

CPE: p-cpe:/a:fermilab:scientific_linux:opensc, p-cpe:/a:fermilab:scientific_linux:opensc-debuginfo, x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/6/2019

Vulnerability Publication Date: 9/3/2018

Reference Information

CVE: CVE-2018-16391, CVE-2018-16392, CVE-2018-16393, CVE-2018-16418, CVE-2018-16419, CVE-2018-16420, CVE-2018-16421, CVE-2018-16422, CVE-2018-16423, CVE-2018-16426, CVE-2018-16427