Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.
{"debiancve": [{"lastseen": "2023-12-06T18:25:30", "description": "Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-09-04T00:29:00", "type": "debiancve", "title": "CVE-2018-16427", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16427"], "modified": "2018-09-04T00:29:00", "id": "DEBIANCVE:CVE-2018-16427", "href": "https://security-tracker.debian.org/tracker/CVE-2018-16427", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-12-06T14:44:48", "description": "Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-09-04T00:29:00", "type": "cve", "title": "CVE-2018-16427", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16427"], "modified": "2019-08-06T17:15:00", "cpe": ["cpe:/a:opensc_project:opensc:0.18.0"], "id": "CVE-2018-16427", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16427", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:opensc_project:opensc:0.18.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-07T22:10:42", "description": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-16391, CVE-2018-16392, CVE-2018-16393, CVE-2018-16418, CVE-2018-16419, CVE-2018-16420, CVE-2018-16421, CVE-2018-16422, CVE-2018-16423, CVE-2018-16424, CVE-2018-16425, CVE-2018-16426, CVE-2018-16427. Reason: This candidate is a duplicate of CVE-2018-16391, CVE-2018-16392, CVE-2018-16393, CVE-2018-16418, CVE-2018-16419, CVE-2018-16420, CVE-2018-16421, CVE-2018-16422, CVE-2018-16423, CVE-2018-16424, CVE-2018-16425, CVE-2018-16426, and CVE-2018-16427. Notes: All CVE users should reference CVE-2018-16391, CVE-2018-16392, CVE-2018-16393, CVE-2018-16418, CVE-2018-16419, CVE-2018-16420, CVE-2018-16421, CVE-2018-16422, CVE-2018-16423, CVE-2018-16424, CVE-2018-16425, CVE-2018-16426, and/or CVE-2018-16427 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage", "cvss3": {}, "published": "2018-09-05T06:29:00", "type": "cve", "title": "CVE-2018-1000672", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2018-1000672", "CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16424", "CVE-2018-16425", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2023-11-07T02:51:00", "cpe": [], "id": "CVE-2018-1000672", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000672", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "ubuntucve": [{"lastseen": "2023-12-06T15:02:29", "description": "Various out of bounds reads when handling responses in OpenSC before\n0.19.0-rc1 could be used by attackers able to supply crafted smartcards to\npotentially crash the opensc library using programs.", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-09-04T00:00:00", "type": "ubuntucve", "title": "CVE-2018-16427", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16427"], "modified": "2018-09-04T00:00:00", "id": "UB:CVE-2018-16427", "href": "https://ubuntu.com/security/CVE-2018-16427", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2022-07-27T11:00:21", "description": "opensc is vulnerable to out of bounds reads while handling responses from smartcards. \n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-08T00:07:54", "type": "veracode", "title": "Out-of-bounds Reads", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16427"], "modified": "2022-04-19T18:11:37", "id": "VERACODE:21138", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-21138/summary", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2023-06-23T20:30:36", "description": "Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.\n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-09-12T07:19:29", "type": "redhatcve", "title": "CVE-2018-16427", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16427"], "modified": "2023-04-06T04:54:13", "id": "RH:CVE-2018-16427", "href": "https://access.redhat.com/security/cve/cve-2018-16427", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "prion": [{"lastseen": "2023-11-22T02:36:52", "description": "Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-09-04T00:29:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16427"], "modified": "2019-08-06T17:15:00", "id": "PRION:CVE-2018-16427", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2018-16427", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-05-20T14:42:35", "description": "This update for opensc fixes the following issues :\n\nCVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998)\n\nCVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999)\n\nCVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318)\n\nCVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039)\n\nCVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107)\n\nCVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038)\n\nCVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037)\n\nCVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-11-06T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : opensc (SUSE-SU-2018:3621-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16427"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopensc2", "p-cpe:/a:novell:suse_linux:opensc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-3621-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118748", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3621-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118748);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-16391\", \"CVE-2018-16392\", \"CVE-2018-16393\", \"CVE-2018-16418\", \"CVE-2018-16419\", \"CVE-2018-16422\", \"CVE-2018-16423\", \"CVE-2018-16427\");\n\n script_name(english:\"SUSE SLES11 Security Update : opensc (SUSE-SU-2018:3621-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for opensc fixes the following issues :\n\nCVE-2018-16391: Fixed a denial of service when handling responses from\na Muscle Card (bsc#1106998)\n\nCVE-2018-16392: Fixed a denial of service when handling responses from\na TCOS Card (bsc#1106999)\n\nCVE-2018-16393: Fixed buffer overflows when handling responses from\nGemsafe V1 Smartcards (bsc#1108318)\n\nCVE-2018-16418: Fixed buffer overflow when handling string\nconcatenation in util_acl_to_str (bsc#1107039)\n\nCVE-2018-16419: Fixed several buffer overflows when handling responses\nfrom a Cryptoflex card (bsc#1107107)\n\nCVE-2018-16422: Fixed single byte buffer overflow when handling\nresponses from an esteid Card (bsc#1107038)\n\nCVE-2018-16423: Fixed double free when handling responses from a\nsmartcard (bsc#1107037)\n\nCVE-2018-16427: Fixed out of bounds reads when handling responses in\nOpenSC (bsc#1107033)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16391/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16392/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16393/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16418/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16419/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16422/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16423/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16427/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183621-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96666bfb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-opensc-13856=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-opensc-13856=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-opensc-13856=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopensc2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:opensc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libopensc2-32bit-0.11.6-5.27.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"opensc-32bit-0.11.6-5.27.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libopensc2-32bit-0.11.6-5.27.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"opensc-32bit-0.11.6-5.27.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libopensc2-0.11.6-5.27.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"opensc-0.11.6-5.27.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opensc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:42:00", "description": "This update for opensc fixes the following issues :\n\n - CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998)\n\n - CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999)\n\n - CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318)\n\n - CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039)\n\n - CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107)\n\n - CVE-2018-16420: Fixed buffer overflows when handling responses from an ePass 2003 Card (bsc#1107097)\n\n - CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038)\n\n - CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037)\n\n - CVE-2018-16426: Fixed endless recursion when handling responses from an IAS-ECC card (bsc#1107034)\n\n - CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2018-11-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : opensc (openSUSE-2018-1384)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opensc", "p-cpe:/a:novell:opensuse:opensc-debuginfo", "p-cpe:/a:novell:opensuse:opensc-debugsource", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-1384.NASL", "href": "https://www.tenable.com/plugins/nessus/118880", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1384.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118880);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-16391\", \"CVE-2018-16392\", \"CVE-2018-16393\", \"CVE-2018-16418\", \"CVE-2018-16419\", \"CVE-2018-16420\", \"CVE-2018-16422\", \"CVE-2018-16423\", \"CVE-2018-16426\", \"CVE-2018-16427\");\n\n script_name(english:\"openSUSE Security Update : opensc (openSUSE-2018-1384)\");\n script_summary(english:\"Check for the openSUSE-2018-1384 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for opensc fixes the following issues :\n\n - CVE-2018-16391: Fixed a denial of service when handling\n responses from a Muscle Card (bsc#1106998)\n\n - CVE-2018-16392: Fixed a denial of service when handling\n responses from a TCOS Card (bsc#1106999)\n\n - CVE-2018-16393: Fixed buffer overflows when handling\n responses from Gemsafe V1 Smartcards (bsc#1108318)\n\n - CVE-2018-16418: Fixed buffer overflow when handling\n string concatenation in util_acl_to_str (bsc#1107039)\n\n - CVE-2018-16419: Fixed several buffer overflows when\n handling responses from a Cryptoflex card (bsc#1107107)\n\n - CVE-2018-16420: Fixed buffer overflows when handling\n responses from an ePass 2003 Card (bsc#1107097)\n\n - CVE-2018-16422: Fixed single byte buffer overflow when\n handling responses from an esteid Card (bsc#1107038)\n\n - CVE-2018-16423: Fixed double free when handling\n responses from a smartcard (bsc#1107037)\n\n - CVE-2018-16426: Fixed endless recursion when handling\n responses from an IAS-ECC card (bsc#1107034)\n\n - CVE-2018-16427: Fixed out of bounds reads when handling\n responses in OpenSC (bsc#1107033)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108318\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected opensc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opensc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opensc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opensc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"opensc-0.13.0-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"opensc-debuginfo-0.13.0-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"opensc-debugsource-0.13.0-9.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opensc / opensc-debuginfo / opensc-debugsource\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:09", "description": "An update for opensc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures.\n\nThe following packages have been upgraded to a later upstream version:\nopensc (0.19.0). (BZ#1656791)\n\nSecurity Fix(es) :\n\n* opensc: Buffer overflows handling responses from Muscle Cards in card-muscle.c:muscle_list_files() (CVE-2018-16391)\n\n* opensc: Buffer overflows handling responses from TCOS Cards in card-tcos.c:tcos_select_file() (CVE-2018-16392)\n\n* opensc: Buffer overflows handling responses from Gemsafe V1 Smartcards in pkcs15-gemsafeV1.c:gemsafe_get_cert_len() (CVE-2018-16393)\n\n* opensc: Buffer overflow handling string concatention in tools/ util.c:util_acl_to_str() (CVE-2018-16418)\n\n* opensc: Buffer overflow handling responses from Cryptoflex cards in cryptoflex-tool.c:read_public_key() (CVE-2018-16419)\n\n* opensc: Buffer overflows handling responses from ePass 2003 Cards in card-epass2003.c:decrypt_response() (CVE-2018-16420)\n\n* opensc: Buffer overflows handling responses from CAC Cards in card-cac.c:cac_get_serial_nr_from_CUID() (CVE-2018-16421)\n\n* opensc: Buffer overflow handling responses from esteid cards in pkcs15-esteid.c:sc_pkcs15emu_esteid_init() (CVE-2018-16422)\n\n* opensc: Double free handling responses from smartcards in libopensc/ sc.c:sc_file_set_sec_attr() (CVE-2018-16423)\n\n* opensc: Out of bounds reads handling responses from smartcards (CVE-2018-16427)\n\n* opensc: Infinite recusrion handling responses from IAS-ECC cards in card-iasecc.c:iasecc_select_file() (CVE-2018-16426)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "RHEL 7 : opensc (RHSA-2019:2154)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:opensc", "p-cpe:/a:redhat:enterprise_linux:opensc-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-2154.NASL", "href": "https://www.tenable.com/plugins/nessus/127685", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2154. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127685);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2018-16391\",\n \"CVE-2018-16392\",\n \"CVE-2018-16393\",\n \"CVE-2018-16418\",\n \"CVE-2018-16419\",\n \"CVE-2018-16420\",\n \"CVE-2018-16421\",\n \"CVE-2018-16422\",\n \"CVE-2018-16423\",\n \"CVE-2018-16426\",\n \"CVE-2018-16427\"\n );\n script_xref(name:\"RHSA\", value:\"2019:2154\");\n\n script_name(english:\"RHEL 7 : opensc (RHSA-2019:2154)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for opensc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe OpenSC set of libraries and utilities provides support for working\nwith smart cards. OpenSC focuses on cards that support cryptographic\noperations and enables their use for authentication, mail encryption,\nor digital signatures.\n\nThe following packages have been upgraded to a later upstream version:\nopensc (0.19.0). (BZ#1656791)\n\nSecurity Fix(es) :\n\n* opensc: Buffer overflows handling responses from Muscle Cards in\ncard-muscle.c:muscle_list_files() (CVE-2018-16391)\n\n* opensc: Buffer overflows handling responses from TCOS Cards in\ncard-tcos.c:tcos_select_file() (CVE-2018-16392)\n\n* opensc: Buffer overflows handling responses from Gemsafe V1\nSmartcards in pkcs15-gemsafeV1.c:gemsafe_get_cert_len()\n(CVE-2018-16393)\n\n* opensc: Buffer overflow handling string concatention in tools/\nutil.c:util_acl_to_str() (CVE-2018-16418)\n\n* opensc: Buffer overflow handling responses from Cryptoflex cards in\ncryptoflex-tool.c:read_public_key() (CVE-2018-16419)\n\n* opensc: Buffer overflows handling responses from ePass 2003 Cards in\ncard-epass2003.c:decrypt_response() (CVE-2018-16420)\n\n* opensc: Buffer overflows handling responses from CAC Cards in\ncard-cac.c:cac_get_serial_nr_from_CUID() (CVE-2018-16421)\n\n* opensc: Buffer overflow handling responses from esteid cards in\npkcs15-esteid.c:sc_pkcs15emu_esteid_init() (CVE-2018-16422)\n\n* opensc: Double free handling responses from smartcards in libopensc/\nsc.c:sc_file_set_sec_attr() (CVE-2018-16423)\n\n* opensc: Out of bounds reads handling responses from smartcards\n(CVE-2018-16427)\n\n* opensc: Infinite recusrion handling responses from IAS-ECC cards in\ncard-iasecc.c:iasecc_select_file() (CVE-2018-16426)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.\");\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3395ff0b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:2154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16392\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16421\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16422\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16427\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opensc and / or opensc-debuginfo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16423\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16393\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:opensc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:opensc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2154\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"opensc-0.19.0-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"opensc-0.19.0-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"opensc-debuginfo-0.19.0-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"opensc-debuginfo-0.19.0-3.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opensc / opensc-debuginfo\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:42:35", "description": "This update for opensc fixes the following issues :\n\nCVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998)\n\nCVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999)\n\nCVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318)\n\nCVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039)\n\nCVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107)\n\nCVE-2018-16420: Fixed buffer overflows when handling responses from an ePass 2003 Card (bsc#1107097)\n\nCVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038)\n\nCVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037)\n\nCVE-2018-16426: Fixed endless recursion when handling responses from an IAS-ECC card (bsc#1107034)\n\nCVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-11-06T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : opensc (SUSE-SU-2018:3622-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2022-06-01T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:opensc", "p-cpe:/a:novell:suse_linux:opensc-debuginfo", "p-cpe:/a:novell:suse_linux:opensc-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-3622-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118749", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3622-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118749);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/01\");\n\n script_cve_id(\"CVE-2018-16391\", \"CVE-2018-16392\", \"CVE-2018-16393\", \"CVE-2018-16418\", \"CVE-2018-16419\", \"CVE-2018-16420\", \"CVE-2018-16422\", \"CVE-2018-16423\", \"CVE-2018-16426\", \"CVE-2018-16427\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : opensc (SUSE-SU-2018:3622-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for opensc fixes the following issues :\n\nCVE-2018-16391: Fixed a denial of service when handling responses from\na Muscle Card (bsc#1106998)\n\nCVE-2018-16392: Fixed a denial of service when handling responses from\na TCOS Card (bsc#1106999)\n\nCVE-2018-16393: Fixed buffer overflows when handling responses from\nGemsafe V1 Smartcards (bsc#1108318)\n\nCVE-2018-16418: Fixed buffer overflow when handling string\nconcatenation in util_acl_to_str (bsc#1107039)\n\nCVE-2018-16419: Fixed several buffer overflows when handling responses\nfrom a Cryptoflex card (bsc#1107107)\n\nCVE-2018-16420: Fixed buffer overflows when handling responses from an\nePass 2003 Card (bsc#1107097)\n\nCVE-2018-16422: Fixed single byte buffer overflow when handling\nresponses from an esteid Card (bsc#1107038)\n\nCVE-2018-16423: Fixed double free when handling responses from a\nsmartcard (bsc#1107037)\n\nCVE-2018-16426: Fixed endless recursion when handling responses from\nan IAS-ECC card (bsc#1107034)\n\nCVE-2018-16427: Fixed out of bounds reads when handling responses in\nOpenSC (bsc#1107033)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16391/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16392/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16393/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16418/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16419/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16420/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16422/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16423/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16426/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16427/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183622-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dbaaed7b\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-2582=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-2582=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16423\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:opensc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:opensc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:opensc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"opensc-0.13.0-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"opensc-debuginfo-0.13.0-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"opensc-debugsource-0.13.0-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"opensc-0.13.0-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"opensc-debuginfo-0.13.0-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"opensc-debugsource-0.13.0-3.3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opensc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:43:07", "description": "This update for opensc fixes the following issues :\n\nCVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998)\n\nCVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999)\n\nCVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318)\n\nCVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039)\n\nCVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107)\n\nCVE-2018-16420: Fixed buffer overflows when handling responses from an ePass 2003 Card (bsc#1107097)\n\nCVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038)\n\nCVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037)\n\nCVE-2018-16426: Fixed endless recursion when handling responses from an IAS-ECC card (bsc#1107034)\n\nCVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-12-11T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : opensc (SUSE-SU-2018:3622-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2022-05-31T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:opensc", "p-cpe:/a:novell:suse_linux:opensc-debuginfo", "p-cpe:/a:novell:suse_linux:opensc-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-3622-2.NASL", "href": "https://www.tenable.com/plugins/nessus/119574", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3622-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119574);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/31\");\n\n script_cve_id(\"CVE-2018-16391\", \"CVE-2018-16392\", \"CVE-2018-16393\", \"CVE-2018-16418\", \"CVE-2018-16419\", \"CVE-2018-16420\", \"CVE-2018-16422\", \"CVE-2018-16423\", \"CVE-2018-16426\", \"CVE-2018-16427\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : opensc (SUSE-SU-2018:3622-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for opensc fixes the following issues :\n\nCVE-2018-16391: Fixed a denial of service when handling responses from\na Muscle Card (bsc#1106998)\n\nCVE-2018-16392: Fixed a denial of service when handling responses from\na TCOS Card (bsc#1106999)\n\nCVE-2018-16393: Fixed buffer overflows when handling responses from\nGemsafe V1 Smartcards (bsc#1108318)\n\nCVE-2018-16418: Fixed buffer overflow when handling string\nconcatenation in util_acl_to_str (bsc#1107039)\n\nCVE-2018-16419: Fixed several buffer overflows when handling responses\nfrom a Cryptoflex card (bsc#1107107)\n\nCVE-2018-16420: Fixed buffer overflows when handling responses from an\nePass 2003 Card (bsc#1107097)\n\nCVE-2018-16422: Fixed single byte buffer overflow when handling\nresponses from an esteid Card (bsc#1107038)\n\nCVE-2018-16423: Fixed double free when handling responses from a\nsmartcard (bsc#1107037)\n\nCVE-2018-16426: Fixed endless recursion when handling responses from\nan IAS-ECC card (bsc#1107034)\n\nCVE-2018-16427: Fixed out of bounds reads when handling responses in\nOpenSC (bsc#1107033)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16391/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16392/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16393/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16418/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16419/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16420/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16422/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16423/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16426/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16427/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183622-2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b7be03c8\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2018-2582=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2018-2582=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16423\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:opensc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:opensc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:opensc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"opensc-0.13.0-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"opensc-debuginfo-0.13.0-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"opensc-debugsource-0.13.0-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"opensc-0.13.0-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"opensc-debuginfo-0.13.0-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"opensc-debugsource-0.13.0-3.3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opensc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:30:15", "description": "Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16391)\n\nSeveral buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16392)\n\nSeveral buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.CVE-2018-16393)\n\nA buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16418)\n\nSeveral buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16419)\n\nSeveral buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16420)\n\nSeveral buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16421)\n\nA single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16422)\n\nA double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16423)\n\nEndless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.(CVE-2018-16426)\n\nVarious out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.(CVE-2018-16427)", "cvss3": {}, "published": "2019-10-11T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : opensc (ALAS-2019-1312)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:opensc", "p-cpe:/a:amazon:linux:opensc-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1312.NASL", "href": "https://www.tenable.com/plugins/nessus/129794", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1312.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129794);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2018-16391\", \"CVE-2018-16392\", \"CVE-2018-16393\", \"CVE-2018-16418\", \"CVE-2018-16419\", \"CVE-2018-16420\", \"CVE-2018-16421\", \"CVE-2018-16422\", \"CVE-2018-16423\", \"CVE-2018-16426\", \"CVE-2018-16427\");\n script_xref(name:\"ALAS\", value:\"2019-1312\");\n\n script_name(english:\"Amazon Linux 2 : opensc (ALAS-2019-1312)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several buffer overflows when handling responses from a Muscle Card in\nmuscle_list_files in libopensc/card-muscle.c in OpenSC before\n0.19.0-rc1 could be used by attackers able to supply crafted\nsmartcards to cause a denial of service (application crash) or\npossibly have unspecified other impact.(CVE-2018-16391)\n\nSeveral buffer overflows when handling responses from a TCOS Card in\ntcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1\ncould be used by attackers able to supply crafted smartcards to cause\na denial of service (application crash) or possibly have unspecified\nother impact.(CVE-2018-16392)\n\nSeveral buffer overflows when handling responses from a Gemsafe V1\nSmartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in\nOpenSC before 0.19.0-rc1 could be used by attackers able to supply\ncrafted smartcards to cause a denial of service (application crash) or\npossibly have unspecified other impact.CVE-2018-16393)\n\nA buffer overflow when handling string concatenation in\nutil_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be\nused by attackers able to supply crafted smartcards to cause a denial\nof service (application crash) or possibly have unspecified other\nimpact.(CVE-2018-16418)\n\nSeveral buffer overflows when handling responses from a Cryptoflex\ncard in read_public_key in tools/cryptoflex-tool.c in OpenSC before\n0.19.0-rc1 could be used by attackers able to supply crafted\nsmartcards to cause a denial of service (application crash) or\npossibly have unspecified other impact.(CVE-2018-16419)\n\nSeveral buffer overflows when handling responses from an ePass 2003\nCard in decrypt_response in libopensc/card-epass2003.c in OpenSC\nbefore 0.19.0-rc1 could be used by attackers able to supply crafted\nsmartcards to cause a denial of service (application crash) or\npossibly have unspecified other impact.(CVE-2018-16420)\n\nSeveral buffer overflows when handling responses from a CAC Card in\ncac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before\n0.19.0-rc1 could be used by attackers able to supply crafted\nsmartcards to cause a denial of service (application crash) or\npossibly have unspecified other impact.(CVE-2018-16421)\n\nA single byte buffer overflow when handling responses from an esteid\nCard in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in\nOpenSC before 0.19.0-rc1 could be used by attackers able to supply\ncrafted smartcards to cause a denial of service (application crash) or\npossibly have unspecified other impact.(CVE-2018-16422)\n\nA double free when handling responses from a smartcard in\nsc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1\ncould be used by attackers able to supply crafted smartcards to cause\na denial of service (application crash) or possibly have unspecified\nother impact.(CVE-2018-16423)\n\nEndless recursion when handling responses from an IAS-ECC card in\niasecc_select_file in libopensc/card-iasecc.c in OpenSC before\n0.19.0-rc1 could be used by attackers able to supply crafted\nsmartcards to hang or crash the opensc library using\nprograms.(CVE-2018-16426)\n\nVarious out of bounds reads when handling responses in OpenSC before\n0.19.0-rc1 could be used by attackers able to supply crafted\nsmartcards to potentially crash the opensc library using\nprograms.(CVE-2018-16427)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1312.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update opensc' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16423\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:opensc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:opensc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"opensc-0.19.0-3.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"opensc-debuginfo-0.19.0-3.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opensc / opensc-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:35", "description": "An update for opensc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures.\n\nThe following packages have been upgraded to a later upstream version:\nopensc (0.19.0). (BZ#1656791)\n\nSecurity Fix(es) :\n\n* opensc: Buffer overflows handling responses from Muscle Cards in card-muscle.c:muscle_list_files() (CVE-2018-16391)\n\n* opensc: Buffer overflows handling responses from TCOS Cards in card-tcos.c:tcos_select_file() (CVE-2018-16392)\n\n* opensc: Buffer overflows handling responses from Gemsafe V1 Smartcards in pkcs15-gemsafeV1.c:gemsafe_get_cert_len() (CVE-2018-16393)\n\n* opensc: Buffer overflow handling string concatention in tools/ util.c:util_acl_to_str() (CVE-2018-16418)\n\n* opensc: Buffer overflow handling responses from Cryptoflex cards in cryptoflex-tool.c:read_public_key() (CVE-2018-16419)\n\n* opensc: Buffer overflows handling responses from ePass 2003 Cards in card-epass2003.c:decrypt_response() (CVE-2018-16420)\n\n* opensc: Buffer overflows handling responses from CAC Cards in card-cac.c:cac_get_serial_nr_from_CUID() (CVE-2018-16421)\n\n* opensc: Buffer overflow handling responses from esteid cards in pkcs15-esteid.c:sc_pkcs15emu_esteid_init() (CVE-2018-16422)\n\n* opensc: Double free handling responses from smartcards in libopensc/ sc.c:sc_file_set_sec_attr() (CVE-2018-16423)\n\n* opensc: Out of bounds reads handling responses from smartcards (CVE-2018-16427)\n\n* opensc: Infinite recusrion handling responses from IAS-ECC cards in card-iasecc.c:iasecc_select_file() (CVE-2018-16426)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "cvss3": {}, "published": "2019-08-30T00:00:00", "type": "nessus", "title": "CentOS 7 : opensc (CESA-2019:2154)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:centos:centos:opensc", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-2154.NASL", "href": "https://www.tenable.com/plugins/nessus/128365", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2154 and \n# CentOS Errata and Security Advisory 2019:2154 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128365);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2018-16391\",\n \"CVE-2018-16392\",\n \"CVE-2018-16393\",\n \"CVE-2018-16418\",\n \"CVE-2018-16419\",\n \"CVE-2018-16420\",\n \"CVE-2018-16421\",\n \"CVE-2018-16422\",\n \"CVE-2018-16423\",\n \"CVE-2018-16426\",\n \"CVE-2018-16427\"\n );\n script_xref(name:\"RHSA\", value:\"2019:2154\");\n\n script_name(english:\"CentOS 7 : opensc (CESA-2019:2154)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for opensc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe OpenSC set of libraries and utilities provides support for working\nwith smart cards. OpenSC focuses on cards that support cryptographic\noperations and enables their use for authentication, mail encryption,\nor digital signatures.\n\nThe following packages have been upgraded to a later upstream version:\nopensc (0.19.0). (BZ#1656791)\n\nSecurity Fix(es) :\n\n* opensc: Buffer overflows handling responses from Muscle Cards in\ncard-muscle.c:muscle_list_files() (CVE-2018-16391)\n\n* opensc: Buffer overflows handling responses from TCOS Cards in\ncard-tcos.c:tcos_select_file() (CVE-2018-16392)\n\n* opensc: Buffer overflows handling responses from Gemsafe V1\nSmartcards in pkcs15-gemsafeV1.c:gemsafe_get_cert_len()\n(CVE-2018-16393)\n\n* opensc: Buffer overflow handling string concatention in tools/\nutil.c:util_acl_to_str() (CVE-2018-16418)\n\n* opensc: Buffer overflow handling responses from Cryptoflex cards in\ncryptoflex-tool.c:read_public_key() (CVE-2018-16419)\n\n* opensc: Buffer overflows handling responses from ePass 2003 Cards in\ncard-epass2003.c:decrypt_response() (CVE-2018-16420)\n\n* opensc: Buffer overflows handling responses from CAC Cards in\ncard-cac.c:cac_get_serial_nr_from_CUID() (CVE-2018-16421)\n\n* opensc: Buffer overflow handling responses from esteid cards in\npkcs15-esteid.c:sc_pkcs15emu_esteid_init() (CVE-2018-16422)\n\n* opensc: Double free handling responses from smartcards in libopensc/\nsc.c:sc_file_set_sec_attr() (CVE-2018-16423)\n\n* opensc: Out of bounds reads handling responses from smartcards\n(CVE-2018-16427)\n\n* opensc: Infinite recusrion handling responses from IAS-ECC cards in\ncard-iasecc.c:iasecc_select_file() (CVE-2018-16426)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.\");\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006027.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8bcb4682\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opensc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16423\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16393\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:opensc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"opensc-0.19.0-3.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opensc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:59:11", "description": "According to the versions of the opensc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16391)\n\n - Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16392)\n\n - Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16393)\n\n - A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16418)\n\n - Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16419)\n\n - Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16420)\n\n - Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16421)\n\n - A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16422)\n\n - A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16423)\n\n - Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.(CVE-2018-16426)\n\n - Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.(CVE-2018-16427)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-04-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : opensc (EulerOS-SA-2020-1417)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2022-05-13T00:00:00", "cpe": ["cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:opensc"], "id": "EULEROS_SA-2020-1417.NASL", "href": "https://www.tenable.com/plugins/nessus/135546", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135546);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\n \"CVE-2018-16391\",\n \"CVE-2018-16392\",\n \"CVE-2018-16393\",\n \"CVE-2018-16418\",\n \"CVE-2018-16419\",\n \"CVE-2018-16420\",\n \"CVE-2018-16421\",\n \"CVE-2018-16422\",\n \"CVE-2018-16423\",\n \"CVE-2018-16426\",\n \"CVE-2018-16427\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : opensc (EulerOS-SA-2020-1417)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the opensc package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Several buffer overflows when handling responses from a\n Muscle Card in muscle_list_files in\n libopensc/card-muscle.c in OpenSC before 0.19.0-rc1\n could be used by attackers able to supply crafted\n smartcards to cause a denial of service (application\n crash) or possibly have unspecified other\n impact.(CVE-2018-16391)\n\n - Several buffer overflows when handling responses from a\n TCOS Card in tcos_select_file in libopensc/card-tcos.c\n in OpenSC before 0.19.0-rc1 could be used by attackers\n able to supply crafted smartcards to cause a denial of\n service (application crash) or possibly have\n unspecified other impact.(CVE-2018-16392)\n\n - Several buffer overflows when handling responses from a\n Gemsafe V1 Smartcard in gemsafe_get_cert_len in\n libopensc/pkcs15-gemsafeV1.c in OpenSC before\n 0.19.0-rc1 could be used by attackers able to supply\n crafted smartcards to cause a denial of service\n (application crash) or possibly have unspecified other\n impact.(CVE-2018-16393)\n\n - A buffer overflow when handling string concatenation in\n util_acl_to_str in tools/util.c in OpenSC before\n 0.19.0-rc1 could be used by attackers able to supply\n crafted smartcards to cause a denial of service\n (application crash) or possibly have unspecified other\n impact.(CVE-2018-16418)\n\n - Several buffer overflows when handling responses from a\n Cryptoflex card in read_public_key in\n tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1\n could be used by attackers able to supply crafted\n smartcards to cause a denial of service (application\n crash) or possibly have unspecified other\n impact.(CVE-2018-16419)\n\n - Several buffer overflows when handling responses from\n an ePass 2003 Card in decrypt_response in\n libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1\n could be used by attackers able to supply crafted\n smartcards to cause a denial of service (application\n crash) or possibly have unspecified other\n impact.(CVE-2018-16420)\n\n - Several buffer overflows when handling responses from a\n CAC Card in cac_get_serial_nr_from_CUID in\n libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could\n be used by attackers able to supply crafted smartcards\n to cause a denial of service (application crash) or\n possibly have unspecified other impact.(CVE-2018-16421)\n\n - A single byte buffer overflow when handling responses\n from an esteid Card in sc_pkcs15emu_esteid_init in\n libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1\n could be used by attackers able to supply crafted\n smartcards to cause a denial of service (application\n crash) or possibly have unspecified other\n impact.(CVE-2018-16422)\n\n - A double free when handling responses from a smartcard\n in sc_file_set_sec_attr in libopensc/sc.c in OpenSC\n before 0.19.0-rc1 could be used by attackers able to\n supply crafted smartcards to cause a denial of service\n (application crash) or possibly have unspecified other\n impact.(CVE-2018-16423)\n\n - Endless recursion when handling responses from an\n IAS-ECC card in iasecc_select_file in\n libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1\n could be used by attackers able to supply crafted\n smartcards to hang or crash the opensc library using\n programs.(CVE-2018-16426)\n\n - Various out of bounds reads when handling responses in\n OpenSC before 0.19.0-rc1 could be used by attackers\n able to supply crafted smartcards to potentially crash\n the opensc library using programs.(CVE-2018-16427)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1417\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?69743efa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opensc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16423\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16393\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:opensc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"opensc-0.16.0-5.20170227git777e2a3.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opensc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T16:43:04", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-2154 advisory.\n\n - Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n (CVE-2018-16391)\n\n - Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card- tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16392)\n\n - A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16418)\n\n - Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n (CVE-2018-16419)\n\n - Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n (CVE-2018-16420)\n\n - Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n (CVE-2018-16421)\n\n - A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n (CVE-2018-16422)\n\n - A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16423)\n\n - Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card- iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs. (CVE-2018-16426)\n\n - Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs. (CVE-2018-16427)\n\n - Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n (CVE-2018-16393)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-07T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : opensc (ELSA-2019-2154)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2023-09-07T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:opensc"], "id": "ORACLELINUX_ELSA-2019-2154.NASL", "href": "https://www.tenable.com/plugins/nessus/180844", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-2154.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(180844);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/07\");\n\n script_cve_id(\n \"CVE-2018-16391\",\n \"CVE-2018-16392\",\n \"CVE-2018-16393\",\n \"CVE-2018-16418\",\n \"CVE-2018-16419\",\n \"CVE-2018-16420\",\n \"CVE-2018-16421\",\n \"CVE-2018-16422\",\n \"CVE-2018-16423\",\n \"CVE-2018-16426\",\n \"CVE-2018-16427\"\n );\n\n script_name(english:\"Oracle Linux 7 : opensc (ELSA-2019-2154)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2019-2154 advisory.\n\n - Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in\n libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted\n smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n (CVE-2018-16391)\n\n - Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-\n tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a\n denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16392)\n\n - A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before\n 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service\n (application crash) or possibly have unspecified other impact. (CVE-2018-16418)\n\n - Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in\n tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted\n smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n (CVE-2018-16419)\n\n - Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in\n libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted\n smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n (CVE-2018-16420)\n\n - Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in\n libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted\n smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n (CVE-2018-16421)\n\n - A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in\n libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted\n smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n (CVE-2018-16422)\n\n - A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC\n before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of\n service (application crash) or possibly have unspecified other impact. (CVE-2018-16423)\n\n - Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-\n iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang\n or crash the opensc library using programs. (CVE-2018-16426)\n\n - Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers\n able to supply crafted smartcards to potentially crash the opensc library using programs. (CVE-2018-16427)\n\n - Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in\n libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted\n smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n (CVE-2018-16393)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-2154.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opensc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16423\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16393\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:opensc\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'opensc-0.19.0-3.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'opensc-0.19.0-3.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'opensc-0.19.0-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opensc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:56", "description": "The following packages have been upgraded to a later upstream version:\nopensc (0.19.0).\n\nSecurity Fix(es) :\n\n - opensc: Buffer overflows handling responses from Muscle Cards in card- muscle.c:muscle_list_files() (CVE-2018-16391)\n\n - opensc: Buffer overflows handling responses from TCOS Cards in card- tcos.c:tcos_select_file() (CVE-2018-16392)\n\n - opensc: Buffer overflows handling responses from Gemsafe V1 Smartcards in pkcs15-gemsafeV1.c:gemsafe_get_cert_len() (CVE-2018-16393)\n\n - opensc: Buffer overflow handling string concatention in tools/util.c:util_acl_to_str() (CVE-2018-16418)\n\n - opensc: Buffer overflow handling responses from Cryptoflex cards in cryptoflex-tool.c:read_public_key() (CVE-2018-16419)\n\n - opensc: Buffer overflows handling responses from ePass 2003 Cards in card-epass2003.c:decrypt_response() (CVE-2018-16420)\n\n - opensc: Buffer overflows handling responses from CAC Cards in card- cac.c:cac_get_serial_nr_from_CUID() (CVE-2018-16421)\n\n - opensc: Buffer overflow handling responses from esteid cards in pkcs15-esteid.c:sc_pkcs15emu_esteid_init() (CVE-2018-16422)\n\n - opensc: Double free handling responses from smartcards in libopensc/sc.c:sc_file_set_sec_attr() (CVE-2018-16423)\n\n - opensc: Out of bounds reads handling responses from smartcards (CVE-2018-16427)\n\n - opensc: Infinite recusrion handling responses from IAS-ECC cards in card-iasecc.c:iasecc_select_file() (CVE-2018-16426)", "cvss3": {}, "published": "2019-08-27T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : opensc on SL7.x x86_64 (20190806)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:opensc", "p-cpe:/a:fermilab:scientific_linux:opensc-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190806_OPENSC_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/128245", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128245);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2018-16391\", \"CVE-2018-16392\", \"CVE-2018-16393\", \"CVE-2018-16418\", \"CVE-2018-16419\", \"CVE-2018-16420\", \"CVE-2018-16421\", \"CVE-2018-16422\", \"CVE-2018-16423\", \"CVE-2018-16426\", \"CVE-2018-16427\");\n\n script_name(english:\"Scientific Linux Security Update : opensc on SL7.x x86_64 (20190806)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The following packages have been upgraded to a later upstream version:\nopensc (0.19.0).\n\nSecurity Fix(es) :\n\n - opensc: Buffer overflows handling responses from Muscle\n Cards in card- muscle.c:muscle_list_files()\n (CVE-2018-16391)\n\n - opensc: Buffer overflows handling responses from TCOS\n Cards in card- tcos.c:tcos_select_file()\n (CVE-2018-16392)\n\n - opensc: Buffer overflows handling responses from Gemsafe\n V1 Smartcards in\n pkcs15-gemsafeV1.c:gemsafe_get_cert_len()\n (CVE-2018-16393)\n\n - opensc: Buffer overflow handling string concatention in\n tools/util.c:util_acl_to_str() (CVE-2018-16418)\n\n - opensc: Buffer overflow handling responses from\n Cryptoflex cards in cryptoflex-tool.c:read_public_key()\n (CVE-2018-16419)\n\n - opensc: Buffer overflows handling responses from ePass\n 2003 Cards in card-epass2003.c:decrypt_response()\n (CVE-2018-16420)\n\n - opensc: Buffer overflows handling responses from CAC\n Cards in card- cac.c:cac_get_serial_nr_from_CUID()\n (CVE-2018-16421)\n\n - opensc: Buffer overflow handling responses from esteid\n cards in pkcs15-esteid.c:sc_pkcs15emu_esteid_init()\n (CVE-2018-16422)\n\n - opensc: Double free handling responses from smartcards\n in libopensc/sc.c:sc_file_set_sec_attr()\n (CVE-2018-16423)\n\n - opensc: Out of bounds reads handling responses from\n smartcards (CVE-2018-16427)\n\n - opensc: Infinite recusrion handling responses from\n IAS-ECC cards in card-iasecc.c:iasecc_select_file()\n (CVE-2018-16426)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1908&L=SCIENTIFIC-LINUX-ERRATA&P=34077\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?690bc3a0\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected opensc and / or opensc-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16423\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:opensc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:opensc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"opensc-0.19.0-3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"opensc-debuginfo-0.19.0-3.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opensc / opensc-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:16", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has opensc packages installed that are affected by multiple vulnerabilities:\n\n - Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card- muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16391)\n\n - Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16392)\n\n - Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n (CVE-2018-16393)\n\n - A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16418)\n\n - Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex- tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16419)\n\n - A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n (CVE-2018-16422)\n\n - A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16423)\n\n - Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card- epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16420)\n\n - Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16421)\n\n - Endless recursion when handling responses from an IAS- ECC card in iasecc_select_file in libopensc/card- iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.\n (CVE-2018-16426)\n\n - Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs. (CVE-2018-16427)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : opensc Multiple Vulnerabilities (NS-SA-2019-0249)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2022-05-18T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0249_OPENSC.NASL", "href": "https://www.tenable.com/plugins/nessus/132445", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0249. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132445);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2018-16391\",\n \"CVE-2018-16392\",\n \"CVE-2018-16393\",\n \"CVE-2018-16418\",\n \"CVE-2018-16419\",\n \"CVE-2018-16420\",\n \"CVE-2018-16421\",\n \"CVE-2018-16422\",\n \"CVE-2018-16423\",\n \"CVE-2018-16426\",\n \"CVE-2018-16427\"\n );\n script_bugtraq_id(\n 107519,\n 107573,\n 107575,\n 107576,\n 108109,\n 108112\n );\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : opensc Multiple Vulnerabilities (NS-SA-2019-0249)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has opensc packages installed that are affected by\nmultiple vulnerabilities:\n\n - Several buffer overflows when handling responses from a\n Muscle Card in muscle_list_files in libopensc/card-\n muscle.c in OpenSC before 0.19.0-rc1 could be used by\n attackers able to supply crafted smartcards to cause a\n denial of service (application crash) or possibly have\n unspecified other impact. (CVE-2018-16391)\n\n - Several buffer overflows when handling responses from a\n TCOS Card in tcos_select_file in libopensc/card-tcos.c\n in OpenSC before 0.19.0-rc1 could be used by attackers\n able to supply crafted smartcards to cause a denial of\n service (application crash) or possibly have unspecified\n other impact. (CVE-2018-16392)\n\n - Several buffer overflows when handling responses from a\n Gemsafe V1 Smartcard in gemsafe_get_cert_len in\n libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1\n could be used by attackers able to supply crafted\n smartcards to cause a denial of service (application\n crash) or possibly have unspecified other impact.\n (CVE-2018-16393)\n\n - A buffer overflow when handling string concatenation in\n util_acl_to_str in tools/util.c in OpenSC before\n 0.19.0-rc1 could be used by attackers able to supply\n crafted smartcards to cause a denial of service\n (application crash) or possibly have unspecified other\n impact. (CVE-2018-16418)\n\n - Several buffer overflows when handling responses from a\n Cryptoflex card in read_public_key in tools/cryptoflex-\n tool.c in OpenSC before 0.19.0-rc1 could be used by\n attackers able to supply crafted smartcards to cause a\n denial of service (application crash) or possibly have\n unspecified other impact. (CVE-2018-16419)\n\n - A single byte buffer overflow when handling responses\n from an esteid Card in sc_pkcs15emu_esteid_init in\n libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1\n could be used by attackers able to supply crafted\n smartcards to cause a denial of service (application\n crash) or possibly have unspecified other impact.\n (CVE-2018-16422)\n\n - A double free when handling responses from a smartcard\n in sc_file_set_sec_attr in libopensc/sc.c in OpenSC\n before 0.19.0-rc1 could be used by attackers able to\n supply crafted smartcards to cause a denial of service\n (application crash) or possibly have unspecified other\n impact. (CVE-2018-16423)\n\n - Several buffer overflows when handling responses from an\n ePass 2003 Card in decrypt_response in libopensc/card-\n epass2003.c in OpenSC before 0.19.0-rc1 could be used by\n attackers able to supply crafted smartcards to cause a\n denial of service (application crash) or possibly have\n unspecified other impact. (CVE-2018-16420)\n\n - Several buffer overflows when handling responses from a\n CAC Card in cac_get_serial_nr_from_CUID in\n libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could\n be used by attackers able to supply crafted smartcards\n to cause a denial of service (application crash) or\n possibly have unspecified other impact. (CVE-2018-16421)\n\n - Endless recursion when handling responses from an IAS-\n ECC card in iasecc_select_file in libopensc/card-\n iasecc.c in OpenSC before 0.19.0-rc1 could be used by\n attackers able to supply crafted smartcards to hang or\n crash the opensc library using programs.\n (CVE-2018-16426)\n\n - Various out of bounds reads when handling responses in\n OpenSC before 0.19.0-rc1 could be used by attackers able\n to supply crafted smartcards to potentially crash the\n opensc library using programs. (CVE-2018-16427)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0249\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL opensc packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16423\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16393\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"opensc-0.19.0-3.el7\",\n \"opensc-debuginfo-0.19.0-3.el7\"\n ],\n \"CGSL MAIN 5.05\": [\n \"opensc-0.19.0-3.el7\",\n \"opensc-debuginfo-0.19.0-3.el7\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opensc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:35", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has opensc packages installed that are affected by multiple vulnerabilities:\n\n - Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card- muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16391)\n\n - Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16392)\n\n - Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n (CVE-2018-16393)\n\n - A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16418)\n\n - Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex- tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16419)\n\n - A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n (CVE-2018-16422)\n\n - A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16423)\n\n - Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card- epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16420)\n\n - Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16421)\n\n - Endless recursion when handling responses from an IAS- ECC card in iasecc_select_file in libopensc/card- iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.\n (CVE-2018-16426)\n\n - Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs. (CVE-2018-16427)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-12-02T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : opensc Multiple Vulnerabilities (NS-SA-2019-0222)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2022-05-18T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0222_OPENSC.NASL", "href": "https://www.tenable.com/plugins/nessus/131422", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0222. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131422);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2018-16391\",\n \"CVE-2018-16392\",\n \"CVE-2018-16393\",\n \"CVE-2018-16418\",\n \"CVE-2018-16419\",\n \"CVE-2018-16420\",\n \"CVE-2018-16421\",\n \"CVE-2018-16422\",\n \"CVE-2018-16423\",\n \"CVE-2018-16426\",\n \"CVE-2018-16427\"\n );\n script_bugtraq_id(\n 107519,\n 107573,\n 107575,\n 107576,\n 108109,\n 108112\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : opensc Multiple Vulnerabilities (NS-SA-2019-0222)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has opensc packages installed that are affected by\nmultiple vulnerabilities:\n\n - Several buffer overflows when handling responses from a\n Muscle Card in muscle_list_files in libopensc/card-\n muscle.c in OpenSC before 0.19.0-rc1 could be used by\n attackers able to supply crafted smartcards to cause a\n denial of service (application crash) or possibly have\n unspecified other impact. (CVE-2018-16391)\n\n - Several buffer overflows when handling responses from a\n TCOS Card in tcos_select_file in libopensc/card-tcos.c\n in OpenSC before 0.19.0-rc1 could be used by attackers\n able to supply crafted smartcards to cause a denial of\n service (application crash) or possibly have unspecified\n other impact. (CVE-2018-16392)\n\n - Several buffer overflows when handling responses from a\n Gemsafe V1 Smartcard in gemsafe_get_cert_len in\n libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1\n could be used by attackers able to supply crafted\n smartcards to cause a denial of service (application\n crash) or possibly have unspecified other impact.\n (CVE-2018-16393)\n\n - A buffer overflow when handling string concatenation in\n util_acl_to_str in tools/util.c in OpenSC before\n 0.19.0-rc1 could be used by attackers able to supply\n crafted smartcards to cause a denial of service\n (application crash) or possibly have unspecified other\n impact. (CVE-2018-16418)\n\n - Several buffer overflows when handling responses from a\n Cryptoflex card in read_public_key in tools/cryptoflex-\n tool.c in OpenSC before 0.19.0-rc1 could be used by\n attackers able to supply crafted smartcards to cause a\n denial of service (application crash) or possibly have\n unspecified other impact. (CVE-2018-16419)\n\n - A single byte buffer overflow when handling responses\n from an esteid Card in sc_pkcs15emu_esteid_init in\n libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1\n could be used by attackers able to supply crafted\n smartcards to cause a denial of service (application\n crash) or possibly have unspecified other impact.\n (CVE-2018-16422)\n\n - A double free when handling responses from a smartcard\n in sc_file_set_sec_attr in libopensc/sc.c in OpenSC\n before 0.19.0-rc1 could be used by attackers able to\n supply crafted smartcards to cause a denial of service\n (application crash) or possibly have unspecified other\n impact. (CVE-2018-16423)\n\n - Several buffer overflows when handling responses from an\n ePass 2003 Card in decrypt_response in libopensc/card-\n epass2003.c in OpenSC before 0.19.0-rc1 could be used by\n attackers able to supply crafted smartcards to cause a\n denial of service (application crash) or possibly have\n unspecified other impact. (CVE-2018-16420)\n\n - Several buffer overflows when handling responses from a\n CAC Card in cac_get_serial_nr_from_CUID in\n libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could\n be used by attackers able to supply crafted smartcards\n to cause a denial of service (application crash) or\n possibly have unspecified other impact. (CVE-2018-16421)\n\n - Endless recursion when handling responses from an IAS-\n ECC card in iasecc_select_file in libopensc/card-\n iasecc.c in OpenSC before 0.19.0-rc1 could be used by\n attackers able to supply crafted smartcards to hang or\n crash the opensc library using programs.\n (CVE-2018-16426)\n\n - Various out of bounds reads when handling responses in\n OpenSC before 0.19.0-rc1 could be used by attackers able\n to supply crafted smartcards to potentially crash the\n opensc library using programs. (CVE-2018-16427)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0222\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL opensc packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16423\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16393\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"opensc-0.19.0-3.el7\",\n \"opensc-debuginfo-0.19.0-3.el7\"\n ],\n \"CGSL MAIN 5.04\": [\n \"opensc-0.19.0-3.el7\",\n \"opensc-debuginfo-0.19.0-3.el7\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opensc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:17:37", "description": "This update for opensc fixes the following security issues :\n\n - CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998)\n\n - CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999)\n\n - CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318)\n\n - CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039)\n\n - CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107)\n\n - CVE-2018-16420: Fixed buffer overflows when handling responses from an ePass 2003 Card (bsc#1107097)\n\n - CVE-2018-16421: Fixed buffer overflows when handling responses from a CAC Card (bsc#1107049)\n\n - CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038)\n\n - CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037)\n\n - CVE-2018-16424: Fixed double free when handling responses in read_file (bsc#1107036)\n\n - CVE-2018-16425: Fixed double free when handling responses from an HSM Card (bsc#1107035)\n\n - CVE-2018-16426: Fixed endless recursion when handling responses from an IAS-ECC card (bsc#1107034)\n\n - CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-03-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : opensc (openSUSE-2019-904)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16424", "CVE-2018-16425", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opensc", "p-cpe:/a:novell:opensuse:opensc-32bit", "p-cpe:/a:novell:opensuse:opensc-32bit-debuginfo", "p-cpe:/a:novell:opensuse:opensc-debuginfo", "p-cpe:/a:novell:opensuse:opensc-debugsource", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-904.NASL", "href": "https://www.tenable.com/plugins/nessus/123370", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-904.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123370);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-16391\", \"CVE-2018-16392\", \"CVE-2018-16393\", \"CVE-2018-16418\", \"CVE-2018-16419\", \"CVE-2018-16420\", \"CVE-2018-16421\", \"CVE-2018-16422\", \"CVE-2018-16423\", \"CVE-2018-16424\", \"CVE-2018-16425\", \"CVE-2018-16426\", \"CVE-2018-16427\");\n\n script_name(english:\"openSUSE Security Update : opensc (openSUSE-2019-904)\");\n script_summary(english:\"Check for the openSUSE-2019-904 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for opensc fixes the following security issues :\n\n - CVE-2018-16391: Fixed a denial of service when handling\n responses from a Muscle Card (bsc#1106998)\n\n - CVE-2018-16392: Fixed a denial of service when handling\n responses from a TCOS Card (bsc#1106999)\n\n - CVE-2018-16393: Fixed buffer overflows when handling\n responses from Gemsafe V1 Smartcards (bsc#1108318)\n\n - CVE-2018-16418: Fixed buffer overflow when handling\n string concatenation in util_acl_to_str (bsc#1107039)\n\n - CVE-2018-16419: Fixed several buffer overflows when\n handling responses from a Cryptoflex card (bsc#1107107)\n\n - CVE-2018-16420: Fixed buffer overflows when handling\n responses from an ePass 2003 Card (bsc#1107097)\n\n - CVE-2018-16421: Fixed buffer overflows when handling\n responses from a CAC Card (bsc#1107049)\n\n - CVE-2018-16422: Fixed single byte buffer overflow when\n handling responses from an esteid Card (bsc#1107038)\n\n - CVE-2018-16423: Fixed double free when handling\n responses from a smartcard (bsc#1107037)\n\n - CVE-2018-16424: Fixed double free when handling\n responses in read_file (bsc#1107036)\n\n - CVE-2018-16425: Fixed double free when handling\n responses from an HSM Card (bsc#1107035)\n\n - CVE-2018-16426: Fixed endless recursion when handling\n responses from an IAS-ECC card (bsc#1107034)\n\n - CVE-2018-16427: Fixed out of bounds reads when handling\n responses in OpenSC (bsc#1107033)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108318\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected opensc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16425\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opensc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opensc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opensc-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opensc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opensc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"opensc-0.18.0-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"opensc-debuginfo-0.18.0-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"opensc-debugsource-0.18.0-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"opensc-32bit-0.18.0-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"opensc-32bit-debuginfo-0.18.0-lp150.2.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opensc / opensc-32bit / opensc-32bit-debuginfo / opensc-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:38", "description": "Security fix for CVE-2018-16418, CVE-2018-16419, CVE-2018-16420, CVE-2018-16421, CVE-2018-16423, CVE-2018-16424, CVE-2018-16425, CVE-2018-16426, CVE-2018-16427 + support for RSA-PSS signatures.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 29 : opensc (2018-fe4b72fa7d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16424", "CVE-2018-16425", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:opensc", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2018-FE4B72FA7D.NASL", "href": "https://www.tenable.com/plugins/nessus/120937", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-fe4b72fa7d.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120937);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-16391\", \"CVE-2018-16392\", \"CVE-2018-16393\", \"CVE-2018-16418\", \"CVE-2018-16419\", \"CVE-2018-16420\", \"CVE-2018-16421\", \"CVE-2018-16422\", \"CVE-2018-16423\", \"CVE-2018-16424\", \"CVE-2018-16425\", \"CVE-2018-16426\", \"CVE-2018-16427\");\n script_xref(name:\"FEDORA\", value:\"2018-fe4b72fa7d\");\n\n script_name(english:\"Fedora 29 : opensc (2018-fe4b72fa7d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2018-16418, CVE-2018-16419, CVE-2018-16420,\nCVE-2018-16421, CVE-2018-16423, CVE-2018-16424, CVE-2018-16425,\nCVE-2018-16426, CVE-2018-16427 + support for RSA-PSS signatures.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-fe4b72fa7d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected opensc package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16425\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:opensc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"opensc-0.19.0-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opensc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:27:24", "description": "Security fix for CVE-2018-16418, CVE-2018-16419, CVE-2018-16420, CVE-2018-16421, CVE-2018-16423, CVE-2018-16424, CVE-2018-16425, CVE-2018-16426, CVE-2018-16427 + support for RSA-PSS signatures.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : opensc (2018-d0dff2abaa)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16424", "CVE-2018-16425", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:opensc", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-D0DFF2ABAA.NASL", "href": "https://www.tenable.com/plugins/nessus/120811", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-d0dff2abaa.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120811);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-16391\", \"CVE-2018-16392\", \"CVE-2018-16393\", \"CVE-2018-16418\", \"CVE-2018-16419\", \"CVE-2018-16420\", \"CVE-2018-16421\", \"CVE-2018-16422\", \"CVE-2018-16423\", \"CVE-2018-16424\", \"CVE-2018-16425\", \"CVE-2018-16426\", \"CVE-2018-16427\");\n script_xref(name:\"FEDORA\", value:\"2018-d0dff2abaa\");\n\n script_name(english:\"Fedora 28 : opensc (2018-d0dff2abaa)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2018-16418, CVE-2018-16419, CVE-2018-16420,\nCVE-2018-16421, CVE-2018-16423, CVE-2018-16424, CVE-2018-16425,\nCVE-2018-16426, CVE-2018-16427 + support for RSA-PSS signatures.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-d0dff2abaa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected opensc package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16425\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:opensc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"opensc-0.19.0-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opensc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:42:00", "description": "This update for opensc fixes the following security issues :\n\n - CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998)\n\n - CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999)\n\n - CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318)\n\n - CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039)\n\n - CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107)\n\n - CVE-2018-16420: Fixed buffer overflows when handling responses from an ePass 2003 Card (bsc#1107097)\n\n - CVE-2018-16421: Fixed buffer overflows when handling responses from a CAC Card (bsc#1107049)\n\n - CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038)\n\n - CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037)\n\n - CVE-2018-16424: Fixed double free when handling responses in read_file (bsc#1107036)\n\n - CVE-2018-16425: Fixed double free when handling responses from an HSM Card (bsc#1107035)\n\n - CVE-2018-16426: Fixed endless recursion when handling responses from an IAS-ECC card (bsc#1107034)\n\n - CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2018-11-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : opensc (openSUSE-2018-1385)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16424", "CVE-2018-16425", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opensc", "p-cpe:/a:novell:opensuse:opensc-32bit", "p-cpe:/a:novell:opensuse:opensc-32bit-debuginfo", "p-cpe:/a:novell:opensuse:opensc-debuginfo", "p-cpe:/a:novell:opensuse:opensc-debugsource", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2018-1385.NASL", "href": "https://www.tenable.com/plugins/nessus/118881", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1385.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118881);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-16391\", \"CVE-2018-16392\", \"CVE-2018-16393\", \"CVE-2018-16418\", \"CVE-2018-16419\", \"CVE-2018-16420\", \"CVE-2018-16421\", \"CVE-2018-16422\", \"CVE-2018-16423\", \"CVE-2018-16424\", \"CVE-2018-16425\", \"CVE-2018-16426\", \"CVE-2018-16427\");\n\n script_name(english:\"openSUSE Security Update : opensc (openSUSE-2018-1385)\");\n script_summary(english:\"Check for the openSUSE-2018-1385 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for opensc fixes the following security issues :\n\n - CVE-2018-16391: Fixed a denial of service when handling\n responses from a Muscle Card (bsc#1106998)\n\n - CVE-2018-16392: Fixed a denial of service when handling\n responses from a TCOS Card (bsc#1106999)\n\n - CVE-2018-16393: Fixed buffer overflows when handling\n responses from Gemsafe V1 Smartcards (bsc#1108318)\n\n - CVE-2018-16418: Fixed buffer overflow when handling\n string concatenation in util_acl_to_str (bsc#1107039)\n\n - CVE-2018-16419: Fixed several buffer overflows when\n handling responses from a Cryptoflex card (bsc#1107107)\n\n - CVE-2018-16420: Fixed buffer overflows when handling\n responses from an ePass 2003 Card (bsc#1107097)\n\n - CVE-2018-16421: Fixed buffer overflows when handling\n responses from a CAC Card (bsc#1107049)\n\n - CVE-2018-16422: Fixed single byte buffer overflow when\n handling responses from an esteid Card (bsc#1107038)\n\n - CVE-2018-16423: Fixed double free when handling\n responses from a smartcard (bsc#1107037)\n\n - CVE-2018-16424: Fixed double free when handling\n responses in read_file (bsc#1107036)\n\n - CVE-2018-16425: Fixed double free when handling\n responses from an HSM Card (bsc#1107035)\n\n - CVE-2018-16426: Fixed endless recursion when handling\n responses from an IAS-ECC card (bsc#1107034)\n\n - CVE-2018-16427: Fixed out of bounds reads when handling\n responses in OpenSC (bsc#1107033)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108318\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected opensc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opensc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opensc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opensc-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opensc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opensc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"opensc-0.18.0-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"opensc-debuginfo-0.18.0-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"opensc-debugsource-0.18.0-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"opensc-32bit-0.18.0-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"opensc-32bit-debuginfo-0.18.0-lp150.2.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opensc / opensc-debuginfo / opensc-debugsource / opensc-32bit / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:12", "description": "This update for opensc fixes the following security issues :\n\nCVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998)\n\nCVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999)\n\nCVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318)\n\nCVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039)\n\nCVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107)\n\nCVE-2018-16420: Fixed buffer overflows when handling responses from an ePass 2003 Card (bsc#1107097)\n\nCVE-2018-16421: Fixed buffer overflows when handling responses from a CAC Card (bsc#1107049)\n\nCVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038)\n\nCVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037)\n\nCVE-2018-16424: Fixed double free when handling responses in read_file (bsc#1107036)\n\nCVE-2018-16425: Fixed double free when handling responses from an HSM Card (bsc#1107035)\n\nCVE-2018-16426: Fixed endless recursion when handling responses from an IAS-ECC card (bsc#1107034)\n\nCVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : opensc (SUSE-SU-2018:3629-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16424", "CVE-2018-16425", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2022-05-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:opensc", "p-cpe:/a:novell:suse_linux:opensc-debuginfo", "p-cpe:/a:novell:suse_linux:opensc-debugsource", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2018-3629-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120156", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3629-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120156);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\"CVE-2018-16391\", \"CVE-2018-16392\", \"CVE-2018-16393\", \"CVE-2018-16418\", \"CVE-2018-16419\", \"CVE-2018-16420\", \"CVE-2018-16421\", \"CVE-2018-16422\", \"CVE-2018-16423\", \"CVE-2018-16424\", \"CVE-2018-16425\", \"CVE-2018-16426\", \"CVE-2018-16427\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : opensc (SUSE-SU-2018:3629-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for opensc fixes the following security issues :\n\nCVE-2018-16391: Fixed a denial of service when handling responses from\na Muscle Card (bsc#1106998)\n\nCVE-2018-16392: Fixed a denial of service when handling responses from\na TCOS Card (bsc#1106999)\n\nCVE-2018-16393: Fixed buffer overflows when handling responses from\nGemsafe V1 Smartcards (bsc#1108318)\n\nCVE-2018-16418: Fixed buffer overflow when handling string\nconcatenation in util_acl_to_str (bsc#1107039)\n\nCVE-2018-16419: Fixed several buffer overflows when handling responses\nfrom a Cryptoflex card (bsc#1107107)\n\nCVE-2018-16420: Fixed buffer overflows when handling responses from an\nePass 2003 Card (bsc#1107097)\n\nCVE-2018-16421: Fixed buffer overflows when handling responses from a\nCAC Card (bsc#1107049)\n\nCVE-2018-16422: Fixed single byte buffer overflow when handling\nresponses from an esteid Card (bsc#1107038)\n\nCVE-2018-16423: Fixed double free when handling responses from a\nsmartcard (bsc#1107037)\n\nCVE-2018-16424: Fixed double free when handling responses in read_file\n(bsc#1107036)\n\nCVE-2018-16425: Fixed double free when handling responses from an HSM\nCard (bsc#1107035)\n\nCVE-2018-16426: Fixed endless recursion when handling responses from\nan IAS-ECC card (bsc#1107034)\n\nCVE-2018-16427: Fixed out of bounds reads when handling responses in\nOpenSC (bsc#1107033)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16391/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16392/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16393/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16418/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16419/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16420/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16421/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16422/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16423/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16424/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16425/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16426/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16427/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183629-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2883522c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2018-2581=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16425\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:opensc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:opensc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:opensc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"opensc-0.18.0-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"opensc-debuginfo-0.18.0-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"opensc-debugsource-0.18.0-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"opensc-0.18.0-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"opensc-debuginfo-0.18.0-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"opensc-debugsource-0.18.0-3.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opensc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:43", "description": "Several security vulnerabilities were fixed in opensc, a set of libraries and utilities to access smart cards that support cryptographic operations.\n\nOut-of-bounds reads, buffer overflows and double frees could be used by attackers able to supply crafted smart cards to cause a denial of service (application crash) or possibly have unspecified other impact.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 0.16.0-3+deb8u1.\n\nWe recommend that you upgrade your opensc packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-12T00:00:00", "type": "nessus", "title": "Debian DLA-1916-1 : opensc security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16424", "CVE-2018-16425", "CVE-2018-16426", "CVE-2018-16427", "CVE-2019-15945", "CVE-2019-15946"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:opensc", "p-cpe:/a:debian:debian_linux:opensc-pkcs11", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1916.NASL", "href": "https://www.tenable.com/plugins/nessus/128743", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1916-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128743);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-16391\", \"CVE-2018-16392\", \"CVE-2018-16393\", \"CVE-2018-16418\", \"CVE-2018-16419\", \"CVE-2018-16420\", \"CVE-2018-16421\", \"CVE-2018-16422\", \"CVE-2018-16423\", \"CVE-2018-16424\", \"CVE-2018-16425\", \"CVE-2018-16426\", \"CVE-2018-16427\", \"CVE-2019-15945\", \"CVE-2019-15946\");\n\n script_name(english:\"Debian DLA-1916-1 : opensc security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security vulnerabilities were fixed in opensc, a set of\nlibraries and utilities to access smart cards that support\ncryptographic operations.\n\nOut-of-bounds reads, buffer overflows and double frees could be used\nby attackers able to supply crafted smart cards to cause a denial of\nservice (application crash) or possibly have unspecified other impact.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n0.16.0-3+deb8u1.\n\nWe recommend that you upgrade your opensc packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/opensc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected opensc, and opensc-pkcs11 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:opensc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:opensc-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"opensc\", reference:\"0.16.0-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"opensc-pkcs11\", reference:\"0.16.0-3+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2020-01-31T17:39:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-10T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for opensc (openSUSE-SU-2018:3701-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16420", "CVE-2018-16419", "CVE-2018-16393", "CVE-2018-16392", "CVE-2018-16418", "CVE-2018-16391", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16422", "CVE-2018-16427"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852112", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852112", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852112\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-16391\", \"CVE-2018-16392\", \"CVE-2018-16393\", \"CVE-2018-16418\",\n \"CVE-2018-16419\", \"CVE-2018-16420\", \"CVE-2018-16422\", \"CVE-2018-16423\",\n \"CVE-2018-16426\", \"CVE-2018-16427\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-10 05:57:39 +0100 (Sat, 10 Nov 2018)\");\n script_name(\"openSUSE: Security Advisory for opensc (openSUSE-SU-2018:3701-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3701-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-11/msg00010.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'opensc'\n package(s) announced via the openSUSE-SU-2018:3701-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for opensc fixes the following issues:\n\n - CVE-2018-16391: Fixed a denial of service when handling responses from a\n Muscle Card (bsc#1106998)\n\n - CVE-2018-16392: Fixed a denial of service when handling responses from a\n TCOS Card (bsc#1106999)\n\n - CVE-2018-16393: Fixed buffer overflows when handling responses from\n Gemsafe V1 Smartcards (bsc#1108318)\n\n - CVE-2018-16418: Fixed buffer overflow when handling string concatenation\n in util_acl_to_str (bsc#1107039)\n\n - CVE-2018-16419: Fixed several buffer overflows when handling responses\n from a Cryptoflex card (bsc#1107107)\n\n - CVE-2018-16420: Fixed buffer overflows when handling responses from an\n ePass 2003 Card (bsc#1107097)\n\n - CVE-2018-16422: Fixed single byte buffer overflow when handling\n responses from an esteid Card (bsc#1107038)\n\n - CVE-2018-16423: Fixed double free when handling responses from a\n smartcard (bsc#1107037)\n\n - CVE-2018-16426: Fixed endless recursion when handling responses from an\n IAS-ECC card (bsc#1107034)\n\n - CVE-2018-16427: Fixed out of bounds reads when handling responses in\n OpenSC (bsc#1107033)\n\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1384=1\");\n\n script_tag(name:\"affected\", value:\"opensc on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"opensc\", rpm:\"opensc~0.13.0~9.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"opensc-debuginfo\", rpm:\"opensc-debuginfo~0.13.0~9.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"opensc-debugsource\", rpm:\"opensc-debugsource~0.13.0~9.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-17T16:55:48", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-04-16T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for opensc (EulerOS-SA-2020-1417)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16420", "CVE-2018-16419", "CVE-2018-16393", "CVE-2018-16392", "CVE-2018-16418", "CVE-2018-16391", "CVE-2018-16421", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16422", "CVE-2018-16427"], "modified": "2020-04-16T00:00:00", "id": "OPENVAS:1361412562311220201417", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201417", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1417\");\n script_version(\"2020-04-16T05:51:06+0000\");\n script_cve_id(\"CVE-2018-16391\", \"CVE-2018-16392\", \"CVE-2018-16393\", \"CVE-2018-16418\", \"CVE-2018-16419\", \"CVE-2018-16420\", \"CVE-2018-16421\", \"CVE-2018-16422\", \"CVE-2018-16423\", \"CVE-2018-16426\", \"CVE-2018-16427\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 05:51:06 +0000 (Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:51:06 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for opensc (EulerOS-SA-2020-1417)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1417\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1417\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'opensc' package(s) announced via the EulerOS-SA-2020-1417 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16391)\n\n\n\nSeveral buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16392)\n\n\n\nSeveral buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16393)\n\n\n\nA buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16418)\n\n\n\nSeveral buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16419)\n\n\n\nSeveral buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16420)\n\n\n\nSeveral buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16421)\n\n\n\nA single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16422)\n\n\n\nA double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'opensc' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"opensc\", rpm:\"opensc~0.16.0~5.20170227git777e2a3.h1\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-06T00:00:00", "type": "openvas", "title": "Fedora Update for opensc FEDORA-2018-d0dff2abaa", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16420", "CVE-2018-16419", "CVE-2018-16393", "CVE-2018-16392", "CVE-2018-16424", "CVE-2018-16418", "CVE-2018-16391", "CVE-2018-16425", "CVE-2018-16421", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16422", "CVE-2018-16427"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875145", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875145", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_d0dff2abaa_opensc_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for opensc FEDORA-2018-d0dff2abaa\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875145\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-06 08:37:57 +0200 (Sat, 06 Oct 2018)\");\n script_cve_id(\"CVE-2018-16418\", \"CVE-2018-16419\", \"CVE-2018-16420\", \"CVE-2018-16421\",\n \"CVE-2018-16423\", \"CVE-2018-16424\", \"CVE-2018-16425\", \"CVE-2018-16426\",\n \"CVE-2018-16427\", \"CVE-2018-16391\", \"CVE-2018-16392\", \"CVE-2018-16393\",\n \"CVE-2018-16422\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for opensc FEDORA-2018-d0dff2abaa\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'opensc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"opensc on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-d0dff2abaa\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQRD3BF4XGFYMRPGT7M7LNIZGIGYGOIZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"opensc\", rpm:\"opensc~0.19.0~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:33:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-10T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for opensc (openSUSE-SU-2018:3716-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16420", "CVE-2018-16419", "CVE-2018-16393", "CVE-2018-16392", "CVE-2018-16424", "CVE-2018-16418", "CVE-2018-16391", "CVE-2018-16425", "CVE-2018-16421", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16422", "CVE-2018-16427"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852117", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852117", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852117\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-16391\", \"CVE-2018-16392\", \"CVE-2018-16393\", \"CVE-2018-16418\",\n \"CVE-2018-16419\", \"CVE-2018-16420\", \"CVE-2018-16421\", \"CVE-2018-16422\",\n \"CVE-2018-16423\", \"CVE-2018-16424\", \"CVE-2018-16425\", \"CVE-2018-16426\",\n \"CVE-2018-16427\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-10 05:58:37 +0100 (Sat, 10 Nov 2018)\");\n script_name(\"openSUSE: Security Advisory for opensc (openSUSE-SU-2018:3716-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3716-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-11/msg00016.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'opensc'\n package(s) announced via the openSUSE-SU-2018:3716-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for opensc fixes the following security issues:\n\n - CVE-2018-16391: Fixed a denial of service when handling responses from a\n Muscle Card (bsc#1106998)\n\n - CVE-2018-16392: Fixed a denial of service when handling responses from a\n TCOS Card (bsc#1106999)\n\n - CVE-2018-16393: Fixed buffer overflows when handling responses from\n Gemsafe V1 Smartcards (bsc#1108318)\n\n - CVE-2018-16418: Fixed buffer overflow when handling string concatenation\n in util_acl_to_str (bsc#1107039)\n\n - CVE-2018-16419: Fixed several buffer overflows when handling responses\n from a Cryptoflex card (bsc#1107107)\n\n - CVE-2018-16420: Fixed buffer overflows when handling responses from an\n ePass 2003 Card (bsc#1107097)\n\n - CVE-2018-16421: Fixed buffer overflows when handling responses from a\n CAC Card (bsc#1107049)\n\n - CVE-2018-16422: Fixed single byte buffer overflow when handling\n responses from an esteid Card (bsc#1107038)\n\n - CVE-2018-16423: Fixed double free when handling responses from a\n smartcard (bsc#1107037)\n\n - CVE-2018-16424: Fixed double free when handling responses in read_file\n (bsc#1107036)\n\n - CVE-2018-16425: Fixed double free when handling responses from an HSM\n Card (bsc#1107035)\n\n - CVE-2018-16426: Fixed endless recursion when handling responses from an\n IAS-ECC card (bsc#1107034)\n\n - CVE-2018-16427: Fixed out of bounds reads when handling responses in\n OpenSC (bsc#1107033)\n\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1385=1\");\n\n script_tag(name:\"affected\", value:\"opensc on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"opensc\", rpm:\"opensc~0.18.0~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"opensc-debuginfo\", rpm:\"opensc-debuginfo~0.18.0~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"opensc-debugsource\", rpm:\"opensc-debugsource~0.18.0~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"opensc-32bit\", rpm:\"opensc-32bit~0.18.0~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"opensc-32bit-debuginfo\", rpm:\"opensc-32bit-debuginfo~0.18.0~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T19:24:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-09-12T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for opensc (DLA-1916-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16420", "CVE-2018-16419", "CVE-2018-16393", "CVE-2019-15945", "CVE-2018-16392", "CVE-2018-16424", "CVE-2018-16418", "CVE-2018-16391", "CVE-2019-15946", "CVE-2018-16425", "CVE-2018-16421", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16422", "CVE-2018-16427"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891916", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891916", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891916\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-16391\", \"CVE-2018-16392\", \"CVE-2018-16393\", \"CVE-2018-16418\", \"CVE-2018-16419\", \"CVE-2018-16420\", \"CVE-2018-16421\", \"CVE-2018-16422\", \"CVE-2018-16423\", \"CVE-2018-16424\", \"CVE-2018-16425\", \"CVE-2018-16426\", \"CVE-2018-16427\", \"CVE-2019-15945\", \"CVE-2019-15946\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-09-12 02:00:33 +0000 (Thu, 12 Sep 2019)\");\n script_name(\"Debian LTS: Security Advisory for opensc (DLA-1916-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1916-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/909444\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/939668\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/939669\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'opensc'\n package(s) announced via the DLA-1916-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several security vulnerabilities were fixed in opensc, a set of\nlibraries and utilities to access smart cards that support\ncryptographic operations.\n\nOut-of-bounds reads, buffer overflows and double frees could be used\nby attackers able to supply crafted smart cards to cause a denial of\nservice (application crash) or possibly have unspecified other impact.\");\n\n script_tag(name:\"affected\", value:\"'opensc' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n0.16.0-3+deb8u1.\n\nWe recommend that you upgrade your opensc packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"opensc\", ver:\"0.16.0-3+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"opensc-pkcs11\", ver:\"0.16.0-3+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2023-12-06T18:45:29", "description": "**Issue Overview:**\n\nSeveral buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16391)\n\nSeveral buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16392)\n\nSeveral buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.CVE-2018-16393)\n\nA buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16418)\n\nSeveral buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16419)\n\nSeveral buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16420)\n\nSeveral buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16421)\n\nA single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16422)\n\nA double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16423)\n\nEndless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.(CVE-2018-16426)\n\nVarious out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.(CVE-2018-16427)\n\n \n**Affected Packages:** \n\n\nopensc\n\n \n**Note:**\n\nThis advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this [FAQ section](<../../faqs.html#clarify-al2-advisories>) for the difference between AL2 Core and AL2 Extras advisories. \n\n \n**Issue Correction:** \nRun _yum update opensc_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 opensc-0.19.0-3.amzn2.aarch64 \n \u00a0\u00a0\u00a0 opensc-debuginfo-0.19.0-3.amzn2.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 opensc-0.19.0-3.amzn2.i686 \n \u00a0\u00a0\u00a0 opensc-debuginfo-0.19.0-3.amzn2.i686 \n \n src: \n \u00a0\u00a0\u00a0 opensc-0.19.0-3.amzn2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 opensc-0.19.0-3.amzn2.x86_64 \n \u00a0\u00a0\u00a0 opensc-debuginfo-0.19.0-3.amzn2.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2018-16391](<https://access.redhat.com/security/cve/CVE-2018-16391>), [CVE-2018-16392](<https://access.redhat.com/security/cve/CVE-2018-16392>), [CVE-2018-16393](<https://access.redhat.com/security/cve/CVE-2018-16393>), [CVE-2018-16418](<https://access.redhat.com/security/cve/CVE-2018-16418>), [CVE-2018-16419](<https://access.redhat.com/security/cve/CVE-2018-16419>), [CVE-2018-16420](<https://access.redhat.com/security/cve/CVE-2018-16420>), [CVE-2018-16421](<https://access.redhat.com/security/cve/CVE-2018-16421>), [CVE-2018-16422](<https://access.redhat.com/security/cve/CVE-2018-16422>), [CVE-2018-16423](<https://access.redhat.com/security/cve/CVE-2018-16423>), [CVE-2018-16426](<https://access.redhat.com/security/cve/CVE-2018-16426>), [CVE-2018-16427](<https://access.redhat.com/security/cve/CVE-2018-16427>)\n\nMitre: [CVE-2018-16391](<https://vulners.com/cve/CVE-2018-16391>), [CVE-2018-16392](<https://vulners.com/cve/CVE-2018-16392>), [CVE-2018-16393](<https://vulners.com/cve/CVE-2018-16393>), [CVE-2018-16418](<https://vulners.com/cve/CVE-2018-16418>), [CVE-2018-16419](<https://vulners.com/cve/CVE-2018-16419>), [CVE-2018-16420](<https://vulners.com/cve/CVE-2018-16420>), [CVE-2018-16421](<https://vulners.com/cve/CVE-2018-16421>), [CVE-2018-16422](<https://vulners.com/cve/CVE-2018-16422>), [CVE-2018-16423](<https://vulners.com/cve/CVE-2018-16423>), [CVE-2018-16426](<https://vulners.com/cve/CVE-2018-16426>), [CVE-2018-16427](<https://vulners.com/cve/CVE-2018-16427>)\n", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-08T22:01:00", "type": "amazon", "title": "Medium: opensc", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2019-10-09T23:21:00", "id": "ALAS2-2019-1312", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1312.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2018-11-10T02:37:49", "description": "This update for opensc fixes the following issues:\n\n - CVE-2018-16391: Fixed a denial of service when handling responses from a\n Muscle Card (bsc#1106998)\n - CVE-2018-16392: Fixed a denial of service when handling responses from a\n TCOS Card (bsc#1106999)\n - CVE-2018-16393: Fixed buffer overflows when handling responses from\n Gemsafe V1 Smartcards (bsc#1108318)\n - CVE-2018-16418: Fixed buffer overflow when handling string concatenation\n in util_acl_to_str (bsc#1107039)\n - CVE-2018-16419: Fixed several buffer overflows when handling responses\n from a Cryptoflex card (bsc#1107107)\n - CVE-2018-16420: Fixed buffer overflows when handling responses from an\n ePass 2003 Card (bsc#1107097)\n - CVE-2018-16422: Fixed single byte buffer overflow when handling\n responses from an esteid Card (bsc#1107038)\n - CVE-2018-16423: Fixed double free when handling responses from a\n smartcard (bsc#1107037)\n - CVE-2018-16426: Fixed endless recursion when handling responses from an\n IAS-ECC card (bsc#1107034)\n - CVE-2018-16427: Fixed out of bounds reads when handling responses in\n OpenSC (bsc#1107033)\n\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "cvss3": {}, "published": "2018-11-10T00:17:23", "type": "suse", "title": "Security update for opensc (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-16420", "CVE-2018-16419", "CVE-2018-16393", "CVE-2018-16392", "CVE-2018-16418", "CVE-2018-16391", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16422", "CVE-2018-16427"], "modified": "2018-11-10T00:17:23", "id": "OPENSUSE-SU-2018:3701-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00010.html", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-10T02:37:49", "description": "This update for opensc fixes the following security issues:\n\n - CVE-2018-16391: Fixed a denial of service when handling responses from a\n Muscle Card (bsc#1106998)\n - CVE-2018-16392: Fixed a denial of service when handling responses from a\n TCOS Card (bsc#1106999)\n - CVE-2018-16393: Fixed buffer overflows when handling responses from\n Gemsafe V1 Smartcards (bsc#1108318)\n - CVE-2018-16418: Fixed buffer overflow when handling string concatenation\n in util_acl_to_str (bsc#1107039)\n - CVE-2018-16419: Fixed several buffer overflows when handling responses\n from a Cryptoflex card (bsc#1107107)\n - CVE-2018-16420: Fixed buffer overflows when handling responses from an\n ePass 2003 Card (bsc#1107097)\n - CVE-2018-16421: Fixed buffer overflows when handling responses from a\n CAC Card (bsc#1107049)\n - CVE-2018-16422: Fixed single byte buffer overflow when handling\n responses from an esteid Card (bsc#1107038)\n - CVE-2018-16423: Fixed double free when handling responses from a\n smartcard (bsc#1107037)\n - CVE-2018-16424: Fixed double free when handling responses in read_file\n (bsc#1107036)\n - CVE-2018-16425: Fixed double free when handling responses from an HSM\n Card (bsc#1107035)\n - CVE-2018-16426: Fixed endless recursion when handling responses from an\n IAS-ECC card (bsc#1107034)\n - CVE-2018-16427: Fixed out of bounds reads when handling responses in\n OpenSC (bsc#1107033)\n\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "cvss3": {}, "published": "2018-11-10T00:27:22", "type": "suse", "title": "Security update for opensc (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-16420", "CVE-2018-16419", "CVE-2018-16393", "CVE-2018-16392", "CVE-2018-16424", "CVE-2018-16418", "CVE-2018-16391", "CVE-2018-16425", "CVE-2018-16421", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16422", "CVE-2018-16427"], "modified": "2018-11-10T00:27:22", "id": "OPENSUSE-SU-2018:3716-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00016.html", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2023-12-06T12:41:48", "description": "The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures.\n\nThe following packages have been upgraded to a later upstream version: opensc (0.19.0). (BZ#1656791)\n\nSecurity Fix(es):\n\n* opensc: Buffer overflows handling responses from Muscle Cards in card-muscle.c:muscle_list_files() (CVE-2018-16391)\n\n* opensc: Buffer overflows handling responses from TCOS Cards in card-tcos.c:tcos_select_file() (CVE-2018-16392)\n\n* opensc: Buffer overflows handling responses from Gemsafe V1 Smartcards in pkcs15-gemsafeV1.c:gemsafe_get_cert_len() (CVE-2018-16393)\n\n* opensc: Buffer overflow handling string concatention in tools/util.c:util_acl_to_str() (CVE-2018-16418)\n\n* opensc: Buffer overflow handling responses from Cryptoflex cards in cryptoflex-tool.c:read_public_key() (CVE-2018-16419)\n\n* opensc: Buffer overflows handling responses from ePass 2003 Cards in card-epass2003.c:decrypt_response() (CVE-2018-16420)\n\n* opensc: Buffer overflows handling responses from CAC Cards in card-cac.c:cac_get_serial_nr_from_CUID() (CVE-2018-16421)\n\n* opensc: Buffer overflow handling responses from esteid cards in pkcs15-esteid.c:sc_pkcs15emu_esteid_init() (CVE-2018-16422)\n\n* opensc: Double free handling responses from smartcards in libopensc/sc.c:sc_file_set_sec_attr() (CVE-2018-16423)\n\n* opensc: Out of bounds reads handling responses from smartcards (CVE-2018-16427)\n\n* opensc: Infinite recusrion handling responses from IAS-ECC cards in card-iasecc.c:iasecc_select_file() (CVE-2018-16426)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-06T08:07:23", "type": "redhat", "title": "(RHSA-2019:2154) Moderate: opensc security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2019-08-06T09:42:18", "id": "RHSA-2019:2154", "href": "https://access.redhat.com/errata/RHSA-2019:2154", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:24:37", "description": "[0.19.0-3]\n- Make OpenSC multilib also on s390 and ppc arches\n[0.19.0-2]\n- Make OpenSC multilib again by moving the conflicting files on ix86 arch\n[0.19.0-1]\n- Rebase to new upstream release (#1656791)\n - Add Support for HID Crescendo 144K (#1612372)\n - Add Support for CAC Alt tokens (#1645581)\n - Fix usage detection from certificates (#1672898)\n - Fix security issues:\n - CVE-2018-16391\n - CVE-2018-16392\n - CVE-2018-16393\n - CVE-2018-16418\n - CVE-2018-16419\n - CVE-2018-16420\n - CVE-2018-16421\n - CVE-2018-16422\n - CVE-2018-16423\n - CVE-2018-16426\n - CVE-2018-16427", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-13T00:00:00", "type": "oraclelinux", "title": "opensc security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2019-08-13T00:00:00", "id": "ELSA-2019-2154", "href": "http://linux.oracle.com/errata/ELSA-2019-2154.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2023-12-06T19:43:06", "description": "**CentOS Errata and Security Advisory** CESA-2019:2154\n\n\nThe OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures.\n\nThe following packages have been upgraded to a later upstream version: opensc (0.19.0). (BZ#1656791)\n\nSecurity Fix(es):\n\n* opensc: Buffer overflows handling responses from Muscle Cards in card-muscle.c:muscle_list_files() (CVE-2018-16391)\n\n* opensc: Buffer overflows handling responses from TCOS Cards in card-tcos.c:tcos_select_file() (CVE-2018-16392)\n\n* opensc: Buffer overflows handling responses from Gemsafe V1 Smartcards in pkcs15-gemsafeV1.c:gemsafe_get_cert_len() (CVE-2018-16393)\n\n* opensc: Buffer overflow handling string concatention in tools/util.c:util_acl_to_str() (CVE-2018-16418)\n\n* opensc: Buffer overflow handling responses from Cryptoflex cards in cryptoflex-tool.c:read_public_key() (CVE-2018-16419)\n\n* opensc: Buffer overflows handling responses from ePass 2003 Cards in card-epass2003.c:decrypt_response() (CVE-2018-16420)\n\n* opensc: Buffer overflows handling responses from CAC Cards in card-cac.c:cac_get_serial_nr_from_CUID() (CVE-2018-16421)\n\n* opensc: Buffer overflow handling responses from esteid cards in pkcs15-esteid.c:sc_pkcs15emu_esteid_init() (CVE-2018-16422)\n\n* opensc: Double free handling responses from smartcards in libopensc/sc.c:sc_file_set_sec_attr() (CVE-2018-16423)\n\n* opensc: Out of bounds reads handling responses from smartcards (CVE-2018-16427)\n\n* opensc: Infinite recusrion handling responses from IAS-ECC cards in card-iasecc.c:iasecc_select_file() (CVE-2018-16426)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-cr-announce/2019-August/032297.html\n\n**Affected packages:**\nopensc\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2019:2154", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-30T03:47:57", "type": "centos", "title": "opensc security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2019-08-30T03:47:57", "id": "CESA-2019:2154", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032297.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-12-06T16:56:00", "description": "Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16391). Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16392). Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16393). A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16418). Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16419). Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16420). Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16421). A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16422). A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16423). A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16424). A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16425). Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs (CVE-2018-16426). Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs (CVE-2018-16427). \n", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-09T00:50:23", "type": "mageia", "title": "Updated opensc packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16424", "CVE-2018-16425", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2019-01-09T00:50:23", "id": "MGASA-2019-0019", "href": "https://advisories.mageia.org/MGASA-2019-0019.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2021-07-28T14:46:50", "description": "OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the PKCS#11 API so applications supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On the card OpenSC implements the PKCS#15 standard and aims to be compatible w ith every software/card that does so, too. ", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-05T16:07:00", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: opensc-0.19.0-1.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16424", "CVE-2018-16425", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2018-10-05T16:07:00", "id": "FEDORA:93D5861209F1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FELOINZJEHXTJ757WSU4HYL5HWENARJH/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the PKCS#11 API so applications supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On the card OpenSC implements the PKCS#15 standard and aims to be compatible w ith every software/card that does so, too. ", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-05T17:12:11", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: opensc-0.19.0-1.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16424", "CVE-2018-16425", "CVE-2018-16426", "CVE-2018-16427"], "modified": "2018-10-05T17:12:11", "id": "FEDORA:C86A26079D25", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SQRD3BF4XGFYMRPGT7M7LNIZGIGYGOIZ/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-05T05:18:46", "description": "\nSeveral security vulnerabilities were fixed in opensc, a set of\nlibraries and utilities to access smart cards that support\ncryptographic operations.\n\n\nOut-of-bounds reads, buffer overflows and double frees could be used\nby attackers able to supply crafted smart cards to cause a denial of\nservice (application crash) or possibly have unspecified other impact.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n0.16.0-3+deb8u1.\n\n\nWe recommend that you upgrade your opensc packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-09-11T00:00:00", "type": "osv", "title": "opensc - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16420", "CVE-2018-16419", "CVE-2018-16393", "CVE-2019-15945", "CVE-2018-16392", "CVE-2018-16424", "CVE-2018-16418", "CVE-2018-16391", "CVE-2019-15946", "CVE-2018-16425", "CVE-2018-16421", "CVE-2018-16423", "CVE-2018-16426", "CVE-2018-16422", "CVE-2018-16427"], "modified": "2022-08-05T05:18:34", "id": "OSV:DLA-1916-1", "href": "https://osv.dev/vulnerability/DLA-1916-1", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-22T12:44:49", "description": "Package : opensc\nVersion : 0.16.0-3+deb8u1\nCVE ID : CVE-2018-16391 CVE-2018-16392 CVE-2018-16393\n CVE-2018-16418 CVE-2018-16419 CVE-2018-16420\n CVE-2018-16421 CVE-2018-16422 CVE-2018-16423\n CVE-2018-16424 CVE-2018-16425 CVE-2018-16426\n CVE-2018-16427 CVE-2019-15945 CVE-2019-15946\nDebian Bug : 909444 939668 939669\n\nSeveral security vulnerabilities were fixed in opensc, a set of\nlibraries and utilities to access smart cards that support\ncryptographic operations.\n\nOut-of-bounds reads, buffer overflows and double frees could be used\nby attackers able to supply crafted smart cards to cause a denial of\nservice (application crash) or possibly have unspecified other impact.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n0.16.0-3+deb8u1.\n\nWe recommend that you upgrade your opensc packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-09-11T19:53:49", "type": "debian", "title": "[SECURITY] [DLA 1916-1] opensc security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16424", "CVE-2018-16425", "CVE-2018-16426", "CVE-2018-16427", "CVE-2019-15945", "CVE-2019-15946"], "modified": "2019-09-11T19:53:49", "id": "DEBIAN:DLA-1916-1:954B1", "href": "https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:00:14", "description": "Package : opensc\nVersion : 0.16.0-3+deb8u1\nCVE ID : CVE-2018-16391 CVE-2018-16392 CVE-2018-16393\n CVE-2018-16418 CVE-2018-16419 CVE-2018-16420\n CVE-2018-16421 CVE-2018-16422 CVE-2018-16423\n CVE-2018-16424 CVE-2018-16425 CVE-2018-16426\n CVE-2018-16427 CVE-2019-15945 CVE-2019-15946\nDebian Bug : 909444 939668 939669\n\nSeveral security vulnerabilities were fixed in opensc, a set of\nlibraries and utilities to access smart cards that support\ncryptographic operations.\n\nOut-of-bounds reads, buffer overflows and double frees could be used\nby attackers able to supply crafted smart cards to cause a denial of\nservice (application crash) or possibly have unspecified other impact.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n0.16.0-3+deb8u1.\n\nWe recommend that you upgrade your opensc packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-09-11T19:53:49", "type": "debian", "title": "[SECURITY] [DLA 1916-1] opensc security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16391", "CVE-2018-16392", "CVE-2018-16393", "CVE-2018-16418", "CVE-2018-16419", "CVE-2018-16420", "CVE-2018-16421", "CVE-2018-16422", "CVE-2018-16423", "CVE-2018-16424", "CVE-2018-16425", "CVE-2018-16426", "CVE-2018-16427", "CVE-2019-15945", "CVE-2019-15946"], "modified": "2019-09-11T19:53:49", "id": "DEBIAN:DLA-1916-1:38C7F", "href": "https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}]}
CVE-2018-16427
