Debian DLA-3463-1 : opensc - LTS security update

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS

0.003

Percentile

69.1%

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3463 advisory.

  • sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. (CVE-2019-6502)

  • A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid. (CVE-2021-42779)

  • A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library. (CVE-2021-42780)

  • Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library. (CVE-2021-42781)

  • Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library. (CVE-2021-42782)

  • A vulnerability was found in OpenSC. This security flaw causes a buffer overrun in the pkcs15 function cardos_have_verifyrc_package. An attacker can supply a smart card package with malformed ASN.1 content.
    The cardos_have_verifyrc_package function scans the ASN.1 buffer for two tags, but the remaining length is calculated incorrectly because the starting pointer has been moved. This allows a heap-based out-of-bounds read. When the library is compiled with ASAN enabled this results in a crash; an information leak or further damage is possible. (CVE-2023-2977)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number: the installed dpkg versions of opensc and opensc-pkcs11 are compared against the fixed version 0.19.0-1+deb10u2, so a locally rebuilt or backported package that still reports an older version string will be flagged, and a patched binary carrying the old version will not be recognised as fixed.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-3463. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

# Registration pass: when the scanner loads the plugin with `description`
# set, only metadata is recorded and the script exits before any host
# checks run. The package comparison itself lives below this block.
if (description)
{
  script_id(177462);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/06/21");

  # All CVEs covered by DLA-3463-1. The oldest (CVE-2019-6502) is a leak,
  # the 2021 set are memory-safety crashes, CVE-2023-2977 is an OOB read.
  script_cve_id(
    "CVE-2019-6502",
    "CVE-2021-42779",
    "CVE-2021-42780",
    "CVE-2021-42781",
    "CVE-2021-42782",
    "CVE-2023-2977"
  );

  script_name(english:"Debian DLA-3463-1 : opensc - LTS security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  # Description text is copied from the Debian advisory, typos included;
  # it is a runtime string, so it is reproduced verbatim here.
  script_set_attribute(attribute:"description", value:
"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-3463 advisory.

  - sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from
    eidenv. (CVE-2019-6502)

  - A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid. (CVE-2021-42779)

  - A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could
    potentially crash programs using the library. (CVE-2021-42780)

  - Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could
    potentially crash programs using the library. (CVE-2021-42781)

  - Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could
    potentially crash programs using the library. (CVE-2021-42782)

  - A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15
    cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context.
    The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is
    wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In
    cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is
    possible. (CVE-2023-2977)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037021");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/opensc");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/lts/security/2023/dla-3463");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-6502");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-42779");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-42780");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-42781");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-42782");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-2977");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/buster/opensc");
  # The fixed version quoted here must stay in sync with the `reference`
  # values in the pkgs table further down; that table is what is enforced.
  script_set_attribute(attribute:"solution", value:
"Upgrade the opensc packages.

For Debian 10 buster, these problems have been fixed in version 0.19.0-1+deb10u2.");
  # The two base vectors come from different CVEs (see cvss_score_source /
  # cvss3_score_source below): CVSS2 is sourced from CVE-2021-42782 and is
  # AV:N, CVSS3 from CVE-2023-2977 and is AV:L. The attack-vector
  # disagreement is therefore expected and not a transcription error.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  # Recorded with the CVSS:3.0 prefix; the page header renders the same
  # vector labelled CVSS:3.1. The metrics are identical either way.
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-42782");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2023-2977");

  # NOTE(review): no exploit reference appears in see_also; this flag is
  # Tenable's own assessment (E:POC / E:P above), not something verified here.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  # vuln_publication_date presumably tracks the earliest CVE in the list.
  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/06/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/06/21");

  # Local (authenticated) check: results depend on a dpkg listing, not on
  # probing the smart-card stack itself.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:opensc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:opensc-pkcs11");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # ssh_get_info.nasl populates the KB keys required here; the same keys
  # are re-validated at runtime before any package comparison.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

# Runtime gate. Each audit() call ends the plugin with a specific reason,
# so every check below is a precondition for the package comparison.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

# The release string must exist and start with "10." (buster); any other
# Debian version is reported as the wrong OS rather than as "not affected".
var debian_release = get_kb_item('Host/Debian/release');
if (isnull(debian_release)) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
var is_buster = preg(pattern:"^(10)\.[0-9]+", string:debian_release);
if (!is_buster) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);

# Package checks are only implemented for x86_64, i386-class and aarch64.
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
var arch_supported = ('x86_64' >< cpu) || (cpu =~ "^i[3-6]86$") || ('aarch64' >< cpu);
if (!arch_supported) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

# Fixed version published in DLA-3463-1; the two binary packages this
# plugin checks are both compared against it.
var fixed_ref = '0.19.0-1+deb10u2';
var pkgs = [
    {'release': '10.0', 'prefix': 'opensc',        'reference': fixed_ref},
    {'release': '10.0', 'prefix': 'opensc-pkcs11', 'reference': fixed_ref}
];

# A table field is usable only when it is neither empty/null nor falsy;
# this mirrors the NULL-default-then-truthiness guard of the generated form.
function _pkg_field_ok(v)
{
  return (!empty_or_null(v) && v);
}

# Count how many of the listed packages deb_check() reports as older than
# the fixed reference. Entries with a missing field are skipped, never
# passed to deb_check() with NULLs.
var flag = 0;
foreach package_array ( pkgs ) {
  if (!_pkg_field_ok(v:package_array['release'])) continue;
  if (!_pkg_field_ok(v:package_array['prefix'])) continue;
  if (!_pkg_field_ok(v:package_array['reference'])) continue;

  if (deb_check(release:package_array['release'],
                prefix:package_array['prefix'],
                reference:package_array['reference'])) flag++;
}

# Nothing vulnerable was found: tell the user whether the packages were
# actually examined (and are fixed) or simply are not installed.
if (!flag)
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opensc / opensc-pkcs11');
}

# At least one package is below 0.19.0-1+deb10u2. Severity follows the
# CVSS2 base score (5.0) rather than the CVSS3 7.1, hence a warning.
security_report_v4(
  port     : 0,
  severity : SECURITY_WARNING,
  extra    : deb_report_get()
);
exit(0);
