7.5

CVE-2009-1603

src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opensc-projectOpensc Version0.11.7
FedoraprojectFedora Version9
FedoraprojectFedora Version10
FedoraprojectFedora Version11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.09% 0.61
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

http://secunia.com/advisories/36074
Broken Link
http://security.gentoo.org/glsa/glsa-200908-01.xml
Third Party Advisory
http://secunia.com/advisories/35035
Broken Link
http://secunia.com/advisories/35293
Broken Link
http://secunia.com/advisories/35309
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:123
Broken Link
http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html
Broken Link
http://www.openwall.com/lists/oss-security/2009/05/08/1
Patch
Mailing List
http://www.vupen.com/english/advisories/2009/1295
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00095.html
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00097.html
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01420.html
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01432.html
Mailing List