CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
69.3%
According to the versions of the opensc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16391)
Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16392)
Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16393)
A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16418)
Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16419)
Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16420)
Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16421)
A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16422)
A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-16423)
Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.(CVE-2018-16426)
Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.(CVE-2018-16427)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(135546);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/18");
script_cve_id(
"CVE-2018-16391",
"CVE-2018-16392",
"CVE-2018-16393",
"CVE-2018-16418",
"CVE-2018-16419",
"CVE-2018-16420",
"CVE-2018-16421",
"CVE-2018-16422",
"CVE-2018-16423",
"CVE-2018-16426",
"CVE-2018-16427"
);
script_name(english:"EulerOS 2.0 SP3 : opensc (EulerOS-SA-2020-1417)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the opensc package installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- Several buffer overflows when handling responses from a
Muscle Card in muscle_list_files in
libopensc/card-muscle.c in OpenSC before 0.19.0-rc1
could be used by attackers able to supply crafted
smartcards to cause a denial of service (application
crash) or possibly have unspecified other
impact.(CVE-2018-16391)
- Several buffer overflows when handling responses from a
TCOS Card in tcos_select_file in libopensc/card-tcos.c
in OpenSC before 0.19.0-rc1 could be used by attackers
able to supply crafted smartcards to cause a denial of
service (application crash) or possibly have
unspecified other impact.(CVE-2018-16392)
- Several buffer overflows when handling responses from a
Gemsafe V1 Smartcard in gemsafe_get_cert_len in
libopensc/pkcs15-gemsafeV1.c in OpenSC before
0.19.0-rc1 could be used by attackers able to supply
crafted smartcards to cause a denial of service
(application crash) or possibly have unspecified other
impact.(CVE-2018-16393)
- A buffer overflow when handling string concatenation in
util_acl_to_str in tools/util.c in OpenSC before
0.19.0-rc1 could be used by attackers able to supply
crafted smartcards to cause a denial of service
(application crash) or possibly have unspecified other
impact.(CVE-2018-16418)
- Several buffer overflows when handling responses from a
Cryptoflex card in read_public_key in
tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1
could be used by attackers able to supply crafted
smartcards to cause a denial of service (application
crash) or possibly have unspecified other
impact.(CVE-2018-16419)
- Several buffer overflows when handling responses from
an ePass 2003 Card in decrypt_response in
libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1
could be used by attackers able to supply crafted
smartcards to cause a denial of service (application
crash) or possibly have unspecified other
impact.(CVE-2018-16420)
- Several buffer overflows when handling responses from a
CAC Card in cac_get_serial_nr_from_CUID in
libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could
be used by attackers able to supply crafted smartcards
to cause a denial of service (application crash) or
possibly have unspecified other impact.(CVE-2018-16421)
- A single byte buffer overflow when handling responses
from an esteid Card in sc_pkcs15emu_esteid_init in
libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1
could be used by attackers able to supply crafted
smartcards to cause a denial of service (application
crash) or possibly have unspecified other
impact.(CVE-2018-16422)
- A double free when handling responses from a smartcard
in sc_file_set_sec_attr in libopensc/sc.c in OpenSC
before 0.19.0-rc1 could be used by attackers able to
supply crafted smartcards to cause a denial of service
(application crash) or possibly have unspecified other
impact.(CVE-2018-16423)
- Endless recursion when handling responses from an
IAS-ECC card in iasecc_select_file in
libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1
could be used by attackers able to supply crafted
smartcards to hang or crash the opensc library using
programs.(CVE-2018-16426)
- Various out of bounds reads when handling responses in
OpenSC before 0.19.0-rc1 could be used by attackers
able to supply crafted smartcards to potentially crash
the opensc library using programs.(CVE-2018-16427)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1417
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?69743efa");
script_set_attribute(attribute:"solution", value:
"Update the affected opensc packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-16423");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-16393");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2020/04/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:opensc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["opensc-0.16.0-5.20170227git777e2a3.h1"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "opensc");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16391
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16392
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16393
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16418
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16419
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16420
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16421
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16422
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16423
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16426
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16427
www.nessus.org/u?69743efa
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
69.3%