Debian DSA-1734-1 : opensc - programming error

low Nessus Plugin ID 35790

Synopsis

The remote Debian host is missing a security-related update.

Description

b.badrignans discovered that OpenSC, a set of smart card utilities, could stores private data on a smart card without proper access restrictions.

Only blank cards initialised with OpenSC are affected by this problem.
This update only improves creating new private data objects, but cards already initialised with such private data objects need to be modified to repair the access control conditions on such cards. Instructions for a variety of situations can be found at the OpenSC website:
http://www.opensc-project.org/security.html

The oldstable distribution (etch) is not affected by this problem.

Solution

Upgrade the opensc package and recreate any private data objects stored on the smart cards.

For the stable distribution (lenny), this problem has been fixed in version 0.11.4-5+lenny1.

See Also

https://www.debian.org/security/2009/dsa-1734

Plugin Details

Severity: Low

ID: 35790

File Name: debian_DSA-1734.nasl

Version: 1.13

Type: local

Agent: unix

Published: 3/8/2009

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:opensc, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/5/2009

Reference Information

CVE: CVE-2009-0368

BID: 33922

CWE: 310

DSA: 1734