Novell Home

CVE-2009-0368

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

CVE-2009-0368 at MITRE

Details

OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.
Novell Bugzilla entry: 480262,548555

SUSE Security Advisories:

Product(s) Fixed package version(s) References
openSUSE 10.3
  • libopensc2 >= 0.11.3-21.6
  • libopensc2-32bit >= 0.11.3-21.6
  • libopensc2-64bit >= 0.11.3-21.6
  • opensc >= 0.11.3-21.6
  • opensc-32bit >= 0.11.3-21.6
  • opensc-64bit >= 0.11.3-21.6
  • opensc-devel >= 0.11.3-21.6
ZYPP Patch Nr: 6071
SAT Patch Nr: 598
openSUSE 11.0
  • opensc-debuginfo >= 0.11.4-37.6
  • opensc-debugsource >= 0.11.4-37.6
ZYPP Patch Nr: 6071
SAT Patch Nr: 598
openSUSE 11.0
  • libopensc2 >= 0.11.4-37.6
  • libopensc2-32bit >= 0.11.4-37.6
  • libopensc2-64bit >= 0.11.4-37.6
  • opensc >= 0.11.4-37.6
  • opensc-32bit >= 0.11.4-37.6
  • opensc-64bit >= 0.11.4-37.6
  • opensc-devel >= 0.11.4-37.6
ZYPP Patch Nr: 6071
SAT Patch Nr: 598
openSUSE 11.1
  • opensc-debuginfo >= 0.11.6-5.2.1
  • opensc-debugsource >= 0.11.6-5.2.1
ZYPP Patch Nr: 6071
SAT Patch Nr: 598
openSUSE 11.1
  • libopensc2 >= 0.11.6-5.2.1
  • libopensc2-32bit >= 0.11.6-5.2.1
  • libopensc2-64bit >= 0.11.6-5.2.2
  • opensc >= 0.11.6-5.2.1
  • opensc-32bit >= 0.11.6-5.2.1
  • opensc-64bit >= 0.11.6-5.2.2
  • opensc-devel >= 0.11.6-5.2.1
ZYPP Patch Nr: 6071
SAT Patch Nr: 598
SUSE Linux Enterprise Desktop 10 SP2 for x86
  • opensc >= 0.9.6-17.12
sles10-sp2. x86-64
sles10-sp2. x86
sles10-sp2-sdk. ia64
sles10-sp2-sdk. s390x
sles10-sp2. ppc
sled10-sp2. x86-64
sles10-sp2-sdk. x86-64
sles10-sp2. s390x
sles10-sp2-sdk. ppc
sles10-sp2-sdk. x86
sled10-sp2. x86
sles10-sp2. ia64
ZYPP Patch Nr: 6053
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T
  • opensc >= 0.9.6-17.12
  • opensc-32bit >= 0.9.6-17.12
sles10-sp2. x86-64
sles10-sp2. x86
sles10-sp2-sdk. ia64
sles10-sp2-sdk. s390x
sles10-sp2. ppc
sled10-sp2. x86-64
sles10-sp2-sdk. x86-64
sles10-sp2. s390x
sles10-sp2-sdk. ppc
sles10-sp2-sdk. x86
sled10-sp2. x86
sles10-sp2. ia64
ZYPP Patch Nr: 6053
SLE SDK 10 SP2 for IBM iSeries and IBM pSeries
SLE SDK 10 SP2 for IPF
SLE SDK 10 SP2 for x86
  • opensc-devel >= 0.9.6-17.12
sles10-sp2. x86-64
sles10-sp2. x86
sles10-sp2-sdk. ia64
sles10-sp2-sdk. s390x
sles10-sp2. ppc
sled10-sp2. x86-64
sles10-sp2-sdk. x86-64
sles10-sp2. s390x
sles10-sp2-sdk. ppc
sles10-sp2-sdk. x86
sled10-sp2. x86
sles10-sp2. ia64
ZYPP Patch Nr: 6053
SLE SDK 10 SP2 for IBM zSeries
SLE SDK 10 SP2 for X86-64
  • opensc-32bit >= 0.9.6-17.12
  • opensc-devel >= 0.9.6-17.12
sles10-sp2. x86-64
sles10-sp2. x86
sles10-sp2-sdk. ia64
sles10-sp2-sdk. s390x
sles10-sp2. ppc
sled10-sp2. x86-64
sles10-sp2-sdk. x86-64
sles10-sp2. s390x
sles10-sp2-sdk. ppc
sles10-sp2-sdk. x86
sled10-sp2. x86
sles10-sp2. ia64
ZYPP Patch Nr: 6053
SUSE Linux Enterprise Server 10 SP2 for x86
  • opensc >= 0.9.6-17.12
  • opensc-devel >= 0.9.6-17.12
sles10-sp2. x86-64
sles10-sp2. x86
sles10-sp2-sdk. ia64
sles10-sp2-sdk. s390x
sles10-sp2. ppc
sled10-sp2. x86-64
sles10-sp2-sdk. x86-64
sles10-sp2. s390x
sles10-sp2-sdk. ppc
sles10-sp2-sdk. x86
sled10-sp2. x86
sles10-sp2. ia64
ZYPP Patch Nr: 6053
SUSE Linux Enterprise Server 10 SP2 for IPF
  • opensc >= 0.9.6-17.12
  • opensc-devel >= 0.9.6-17.12
  • opensc-x86 >= 0.9.6-17.12
sles10-sp2. x86-64
sles10-sp2. x86
sles10-sp2-sdk. ia64
sles10-sp2-sdk. s390x
sles10-sp2. ppc
sled10-sp2. x86-64
sles10-sp2-sdk. x86-64
sles10-sp2. s390x
sles10-sp2-sdk. ppc
sles10-sp2-sdk. x86
sled10-sp2. x86
sles10-sp2. ia64
ZYPP Patch Nr: 6053
SUSE Linux Enterprise Server 10 SP2 for IBM POWER
  • opensc >= 0.9.6-17.12
  • opensc-64bit >= 0.9.6-17.12
  • opensc-devel >= 0.9.6-17.12
sles10-sp2. x86-64
sles10-sp2. x86
sles10-sp2-sdk. ia64
sles10-sp2-sdk. s390x
sles10-sp2. ppc
sled10-sp2. x86-64
sles10-sp2-sdk. x86-64
sles10-sp2. s390x
sles10-sp2-sdk. ppc
sles10-sp2-sdk. x86
sled10-sp2. x86
sles10-sp2. ia64
ZYPP Patch Nr: 6053
SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit
  • opensc >= 0.9.6-17.12
  • opensc-32bit >= 0.9.6-17.12
  • opensc-devel >= 0.9.6-17.12
sles10-sp2. x86-64
sles10-sp2. x86
sles10-sp2-sdk. ia64
sles10-sp2-sdk. s390x
sles10-sp2. ppc
sled10-sp2. x86-64
sles10-sp2-sdk. x86-64
sles10-sp2. s390x
sles10-sp2-sdk. ppc
sles10-sp2-sdk. x86
sled10-sp2. x86
sles10-sp2. ia64
ZYPP Patch Nr: 6053
SLES 11 DEBUGINFO
  • opensc-debuginfo >= 0.11.6-5.25.1
  • opensc-debugsource >= 0.11.6-5.25.1
sle11-debuginfo. x86-64
sle11-debuginfo. s390x
sle11-debuginfo. s390x
sle11-debuginfo. ia64
sle11-debuginfo. x86-64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. ppc
SAT Patch Nr: 641
SLES 11 DEBUGINFO
  • opensc-debuginfo >= 0.11.6-5.25.1
  • opensc-debuginfo-x86 >= 0.11.6-5.25.1
  • opensc-debugsource >= 0.11.6-5.25.1
sle11-debuginfo. x86-64
sle11-debuginfo. s390x
sle11-debuginfo. s390x
sle11-debuginfo. ia64
sle11-debuginfo. x86-64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. ppc
SAT Patch Nr: 641
SLES 11 DEBUGINFO
  • opensc-debuginfo >= 0.11.6-5.25.1
  • opensc-debuginfo-32bit >= 0.11.6-5.25.1
  • opensc-debugsource >= 0.11.6-5.25.1
sle11-debuginfo. x86-64
sle11-debuginfo. s390x
sle11-debuginfo. s390x
sle11-debuginfo. ia64
sle11-debuginfo. x86-64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. ppc
SAT Patch Nr: 641
SLE 11
  • opensc-devel >= 0.11.6-5.25.1
sle11-debuginfo. x86-64
sle11-debuginfo. s390x
sle11-debuginfo. s390x
sle11-debuginfo. ia64
sle11-debuginfo. x86-64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. ppc
SAT Patch Nr: 641
SLED 11
SLES 11
  • libopensc2 >= 0.11.6-5.25.1
  • opensc >= 0.11.6-5.25.1
sle11-debuginfo. x86-64
sle11-debuginfo. s390x
sle11-debuginfo. s390x
sle11-debuginfo. ia64
sle11-debuginfo. x86-64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. ppc
SAT Patch Nr: 641
SLES 11
  • libopensc2 >= 0.11.6-5.25.1
  • libopensc2-x86 >= 0.11.6-5.25.1
  • opensc >= 0.11.6-5.25.1
  • opensc-x86 >= 0.11.6-5.25.1
sle11-debuginfo. x86-64
sle11-debuginfo. s390x
sle11-debuginfo. s390x
sle11-debuginfo. ia64
sle11-debuginfo. x86-64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. ppc
SAT Patch Nr: 641
SLED 11
SLES 11
  • libopensc2 >= 0.11.6-5.25.1
  • libopensc2-32bit >= 0.11.6-5.25.1
  • opensc >= 0.11.6-5.25.1
  • opensc-32bit >= 0.11.6-5.25.1
sle11-debuginfo. x86-64
sle11-debuginfo. s390x
sle11-debuginfo. s390x
sle11-debuginfo. ia64
sle11-debuginfo. x86-64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. ppc
SAT Patch Nr: 641

Novell® Making IT Work As One

© 2009 Novell, Inc. All Rights Reserved.