NewStart CGSL CORE 5.04 / MAIN 5.04 : opensc Multiple Vulnerabilities (NS-SA-2019-0222)

Medium Nessus Plugin ID 131422

Synopsis

The remote machine is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has opensc packages installed that are affected by multiple vulnerabilities:

- Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card- muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16391)

- Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16392)

- Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
(CVE-2018-16393)

- A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16418)

- Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex- tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16419)

- A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
(CVE-2018-16422)

- A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16423)

- Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card- epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16420)

- Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-16421)

- Endless recursion when handling responses from an IAS- ECC card in iasecc_select_file in libopensc/card- iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.
(CVE-2018-16426)

- Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs. (CVE-2018-16427)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL opensc packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

http://security.gd-linux.com/notice/NS-SA-2019-0222

Plugin Details

Severity: Medium

ID: 131422

File Name: newstart_cgsl_NS-SA-2019-0222_opensc.nasl

Version: 1.2

Type: local

Published: 2019/12/02

Updated: 2019/12/04

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2018-16423

CVSS v2.0

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 6.6

Temporal Score: 5.8

Vector: CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 2019/11/22

Vulnerability Publication Date: 2018/09/03

Reference Information

CVE: CVE-2018-16391, CVE-2018-16392, CVE-2018-16393, CVE-2018-16418, CVE-2018-16419, CVE-2018-16420, CVE-2018-16421, CVE-2018-16422, CVE-2018-16423, CVE-2018-16426, CVE-2018-16427

BID: 107519, 107573, 107575, 107576, 108109, 108112