CVE-2009-1603

Mandriva Linux Security Advisory 2009-123

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.

Vulnerabilidad en src/tools/pkcs11-tool.c en pkcs11-tool de OpenSC v0.11.7. Cuando se utiliza con modulos PKCS#11 de terceras partes sin especificar, genera claves RSA con exponentes públicos incorrectos, lo que permite a usuarios remotos leer en texto claro mensajes que se pretendió que fueran encriptados.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-05-11 CVE Reserved
2009-05-11 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-312: Cleartext Storage of Sensitive Information

CAPEC

References (13)

URL	Tag	Source
http://secunia.com/advisories/35035	Broken Link
http://secunia.com/advisories/35293	Broken Link
http://secunia.com/advisories/35309	Broken Link
http://secunia.com/advisories/36074	Broken Link
http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html	Broken Link
http://www.vupen.com/english/advisories/2009/1295	Broken Link

URL	Date	SRC

URL	Date	SRC
http://www.openwall.com/lists/oss-security/2009/05/08/1	2024-02-14

URL	Date	SRC
http://security.gentoo.org/glsa/glsa-200908-01.xml	2024-02-14
http://www.mandriva.com/security/advisories?name=MDVSA-2009:123	2024-02-14
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00095.html	2024-02-14
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00097.html	2024-02-14
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01420.html	2024-02-14
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01432.html	2024-02-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Opensc-project Search vendor "Opensc-project"		Opensc Search vendor "Opensc-project" for product "Opensc"				0.11.7 Search vendor "Opensc-project" for product "Opensc" and version "0.11.7"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				9 Search vendor "Fedoraproject" for product "Fedora" and version "9"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				10 Search vendor "Fedoraproject" for product "Fedora" and version "10"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				11 Search vendor "Fedoraproject" for product "Fedora" and version "11"		-		Affected