Mandriva Linux Security Advisory : opensc (MDVSA-2009:089)

Low Nessus Plugin ID 36781


The remote Mandriva Linux host is missing one or more security updates.


OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.

The updated packages fix the issue.


Update the affected packages.

Plugin Details

Severity: Low

ID: 36781

File Name: mandriva_MDVSA-2009-089.nasl

Version: $Revision: 1.11 $

Type: local

Published: 2009/04/23

Modified: 2015/03/30

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 2.1

Temporal Score: 1.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64opensc-devel, p-cpe:/a:mandriva:linux:lib64opensc2, p-cpe:/a:mandriva:linux:libopensc-devel, p-cpe:/a:mandriva:linux:libopensc2, p-cpe:/a:mandriva:linux:mozilla-plugin-opensc, p-cpe:/a:mandriva:linux:opensc, cpe:/o:mandriva:linux:2008.0, cpe:/o:mandriva:linux:2008.1, cpe:/o:mandriva:linux:2009.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/04/09

Reference Information

CVE: CVE-2009-0368

BID: 33922

MDVSA: 2009:089

CWE: 310