CVE-2009-1603
First published: Mon May 11 2009(Updated: )
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE OpenSC | =0.11.7 | |
| Fedora | =9 | |
| Fedora | =10 | |
| Fedora | =11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2009/05/08/1
- http://secunia.com/advisories/35035
- http://www.vupen.com/english/advisories/2009/1295
- http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:123
- http://secunia.com/advisories/35309
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01432.html
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00095.html
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01420.html
- http://secunia.com/advisories/35293
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00097.html
- http://security.gentoo.org/glsa/glsa-200908-01.xml
- http://secunia.com/advisories/36074
Frequently Asked Questions
What is the severity of CVE-2009-1603?
CVE-2009-1603 has been assigned a medium severity level due to its potential impact on the confidentiality of encrypted messages.
How do I fix CVE-2009-1603?
To fix CVE-2009-1603, update to a later version of OpenSC that addresses this vulnerability.
Which versions of OpenSC are affected by CVE-2009-1603?
CVE-2009-1603 specifically affects OpenSC version 0.11.7.
What kind of attacks can exploit CVE-2009-1603?
CVE-2009-1603 can be exploited by attackers to read cleartext messages that were intended to be encrypted.
What software should I be aware of in relation to CVE-2009-1603?
In addition to OpenSC 0.11.7, CVE-2009-1603 may also impact certain versions of Fedora that utilize affected PKCS#11 modules.
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/author
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/opensc-project
- canonical/suse opensc
- version/suse opensc/0.11.7
- vendor/fedoraproject
- canonical/fedora
- version/fedora/9
- version/fedora/10
- version/fedora/11