Detections
Analytics

TencentOS Server 4: opensc (TSSA-2024:0030)

high Nessus Plugin ID 239185

Synopsis

The remote TencentOS Server 4 host is missing one or more security updates.

Description

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0030 advisory.

 Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:

 CVE-2021-34193:
 Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs.

 CVE-2023-2977:
 A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context.
 The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.

 CVE-2023-40660:
 A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.

 CVE-2023-4535:
 An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://mirrors.tencent.com/tlinux/errata/tssa-20240030.xml

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34193

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2977

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40660

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4535

Plugin Details

Severity: High

ID: 239185

File Name: tencentos_TSSA_2024_0030.nasl

Version: 1.1

Type: local

Published: 6/16/2025

Updated: 6/16/2025

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:tencent:tencentos_server:opensc, cpe:/o:tencent:tencentos_server:4

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/etc/os-release, Host/TencentOS/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/7/2024

Vulnerability Publication Date: 2/7/2024