Debian dla-4004 : opensc - security update

high Nessus Plugin ID 213413

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4004 advisory.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4004-1
https://www.debian.org/lts/security/
Guilhem Moulin
December 28, 2024
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : opensc
Version : 0.21.0-1+deb11u1
CVE ID : CVE-2021-34193 CVE-2021-42778 CVE-2021-42779 CVE-2021-42780 CVE-2021-42781 CVE-2021-42782 CVE-2023-2977 CVE-2023-5992 CVE-2023-40660 CVE-2023-40661 CVE-2024-1454 CVE-2024-8443 CVE-2024-45615 CVE-2024-45616 CVE-2024-45617 CVE-2024-45618 CVE-2024-45619 CVE-2024-45620
Debian Bug : 1037021 1055521 1055522 1064189 1082853 1082859 1082860 1082861 1082862 1082863 1082864

Multiple vulnerabilities were found in opensc, a set of libraries and utilities to access smart cards, which could lead to application crash, information leak, or PIN bypass.

CVE-2021-34193

Multiple stack overflow vulnerabilities were discovered in OpenSC smart card middleware via crafted responses to APDUs.

CVE-2021-42778

A heap double free issue was found in sc_pkcs15_free_tokeninfo().

CVE-2021-42779

A heap use after free issue was found in sc_file_valid().

CVE-2021-42780

A use after return issue was found in the insert_pin() function, which could potentially crash programs using the library.

CVE-2021-42781

Multiple heap buffer overflow issues were found in pkcs15-oberthur.c, which could potentially crash programs using the library.

CVE-2021-42782

Multiple buffer overflow issues were found in various places, which could potentially crash programs using the library.

CVE-2023-2977

A buffer overrun vulnerability was found in pkcs15's cardos_have_verifyrc_package(). When supplying a smart card package with malformed ASN.1 context, an attacker can trigger a crash or information leak via a heap-based buffer out-of-bounds read.

CVE-2023-5992

Alicja Karion discovered that the code handling the PKCS#1.5 encryption padding removal was not implemented in a side-channel-resistant way, which can lead to decryption of previously captured RSA ciphertexts and forging of signatures based on the timing data (Marvin attack).

CVE-2023-40660

Deepanjan Pal discovered a potential PIN bypass with an empty PIN. When the token/card was plugged into the computer and authenticated from one process, it could be used to provide cryptographic operations from a different process when an empty, zero-length PIN was provided.

CVE-2023-40661

Multiple memory vulnerabilities were found by dynamic analyzers in pkcs15-init.

CVE-2024-1454

A memory use after free issue was found in the AuthentIC driver when updating token info.

CVE-2024-8443

A heap buffer overflow issue was found in the OpenPGP driver during key generation.

CVE-2024-45615

Matteo Marini discovered multiple uses of uninitialized values in libopensc and pkcs15init.

CVE-2024-45616

Matteo Marini discovered multiple uses of uninitialized values after incorrect check or usage of APDU response values in libopensc.

CVE-2024-45617

Matteo Marini discovered multiple uses of uninitialized values after incorrect or missing checking of return values of functions in libopensc.

CVE-2024-45618

Matteo Marini discovered multiple uses of uninitialized values after incorrect or missing checking of return values of functions in pkcs15init.

CVE-2024-45619

Matteo Marini discovered multiple instances of incorrect handling of the length of buffers or files in libopensc, which could result in application crash or information leak. When buffers are partially filled with data, uninitialized parts of the buffer may be incorrectly accessed.

CVE-2024-45620

Matteo Marini discovered multiple instances of incorrect handling of the length of buffers or files in pkcs15init, which could result in application crash or information leak. When buffers are partially filled with data, uninitialized parts of the buffer may be incorrectly accessed.

For Debian 11 bullseye, these problems have been fixed in version 0.21.0-1+deb11u1.

We recommend that you upgrade your opensc packages.

For the detailed security status of opensc please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/opensc

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the opensc packages.

See Also

https://security-tracker.debian.org/tracker/source-package/opensc

https://security-tracker.debian.org/tracker/CVE-2021-34193

https://security-tracker.debian.org/tracker/CVE-2021-42778

https://security-tracker.debian.org/tracker/CVE-2021-42779

https://security-tracker.debian.org/tracker/CVE-2021-42780

https://security-tracker.debian.org/tracker/CVE-2021-42781

https://security-tracker.debian.org/tracker/CVE-2021-42782

https://security-tracker.debian.org/tracker/CVE-2023-2977

https://security-tracker.debian.org/tracker/CVE-2023-40660

https://security-tracker.debian.org/tracker/CVE-2023-40661

https://security-tracker.debian.org/tracker/CVE-2023-5992

https://security-tracker.debian.org/tracker/CVE-2024-1454

https://security-tracker.debian.org/tracker/CVE-2024-45615

https://security-tracker.debian.org/tracker/CVE-2024-45616

https://security-tracker.debian.org/tracker/CVE-2024-45617

https://security-tracker.debian.org/tracker/CVE-2024-45618

https://security-tracker.debian.org/tracker/CVE-2024-45619

https://security-tracker.debian.org/tracker/CVE-2024-45620

https://security-tracker.debian.org/tracker/CVE-2024-8443

https://packages.debian.org/source/bullseye/opensc

Plugin Details

Severity: High

ID: 213413

File Name: debian_DLA-4004.nasl

Version: 1.1

Type: local

Agent: unix

Published: 12/28/2024

Updated: 12/28/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2021-42782

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.4

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2023-2977

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:opensc, p-cpe:/a:debian:debian_linux:opensc-pkcs11

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/28/2024

Vulnerability Publication Date: 4/12/2022

Reference Information

CVE: CVE-2021-34193, CVE-2021-42778, CVE-2021-42779, CVE-2021-42780, CVE-2021-42781, CVE-2021-42782, CVE-2023-2977, CVE-2023-40660, CVE-2023-40661, CVE-2023-5992, CVE-2024-1454, CVE-2024-45615, CVE-2024-45616, CVE-2024-45617, CVE-2024-45618, CVE-2024-45619, CVE-2024-45620, CVE-2024-8443