SB2018092522 - Fedora 28 update for opensc

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018092522

SB2018092522 - Fedora 28 update for opensc

Published: September 25, 2018 Updated: April 24, 2025

Security Bulletin ID SB2018092522
Severity
Medium
Patch available
YES
Number of vulnerabilities 13
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 8% Low 92%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 13 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2018-16418)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to boundary error when handling string concatenation in util_acl_to_str in tools/util.c. A remote unauthenticated attacker can supply specially crafted smartcards, trigger memory corruption and cause the application to crash.


2) Buffer overflow (CVE-ID: CVE-2018-16419)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to boundary error when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c. A remote unauthenticated attacker can supply specially crafted smartcards, trigger memory corruption and cause the application to crash.


3) Buffer overflow (CVE-ID: CVE-2018-16420)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to boundary error when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c. A remote unauthenticated attacker can supply specially crafted smartcards, trigger memory corruption and cause the application to crash.


4) Buffer overflow (CVE-ID: CVE-2018-16421)

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c. A local attacker can create a specially crafted smartcards, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


5) Double-free error (CVE-ID: CVE-2018-16423)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to double-free error when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c. A remote unauthenticated attacker can supply specially crafted smartcards, trigger memory corruption and cause the application to crash.


6) Double free error (CVE-ID: CVE-2018-16424)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to boundary error when the read_file() function, as defined in the src/tools/egk-tool.c source code file, is used. A remote attacker can supply a specially crafted smart card, trigger a double-free memory error and cause the service to crash.


7) Double Free (CVE-ID: CVE-2018-16425)

The vulnerability allows a local authenticated user to execute arbitrary code.

A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.


8) Endless recursion (CVE-ID: CVE-2018-16426)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c. A remote unauthenticated attacker can supply specially crafted smartcards to hang or crash the opensc library using programs.


9) Out-of-bounds read (CVE-ID: CVE-2018-16427)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to out-of-bounds read when handling responses. A remote unauthenticated attacker can supply specially crafted smartcards to crash the opensc library using programs.


10) Buffer overflow (CVE-ID: CVE-2018-16391)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to boundary error when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c. A remote unauthenticated attacker can supply specially crafted smartcards, trigger memory corruption and cause the application to crash.


11) Buffer overflow (CVE-ID: CVE-2018-16392)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to boundary error when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c. A remote unauthenticated attacker can supply specially crafted smartcards, trigger memory corruption and cause the application to crash.


12) Buffer overflow (CVE-ID: CVE-2018-16393)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to boundary error when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c. A remote unauthenticated attacker can supply specially crafted smartcards, trigger memory corruption and cause the application to crash.


13) Buffer overflow (CVE-ID: CVE-2018-16422)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c. A remote unauthenticated attacker can supply specially crafted smartcards, trigger memory corruption and cause the application to crash.


Remediation

Install update from vendor's website.

References