CVE-2009-0368
CVE-2009-0368
OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/32820unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.htmlhttp://openwall.com/lists/oss-security/2009/02/26/1http://secunia.com/advisories/34052http://secunia.com/advisories/34120http://secunia.com/advisories/34362http://secunia.com/advisories/34377http://secunia.com/advisories/35065http://secunia.com/advisories/36074http://security.gentoo.org/glsa/glsa-200908-01.xmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/48958https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00673.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html