Vulnerabilities were found in opensc, a set of libraries and utilities to access smart cards, which could lead to application crash or PIN bypass.
CVE-2023-40660
When the token/card was plugged into the computer and authenticated
from one process, it could be used to provide cryptographic
operations from different process when the empty, zero-length PIN
and the token can track the login status using some of its
internals. This is dangerous for OS logon/screen unlock and small
tokens that are plugged permanently to the computer.
The bypass was removed and explicit logout implemented for most of
the card drivers to prevent leaving unattended logged-in tokens.
CVE-2023-40661
This advisory summarizes automatically reported issues from dynamic
analyzers reports in pkcs15-init that are security relevant.
* stack buffer overflow in sc_pkcs15_get_lastupdate() in pkcs15init;
* heap buffer overflow in setcos_create_key() in pkcs15init;
* heap buffer overflow in cosm_new_file() in pkcs15init;
* stack buffer overflow in cflex_delete_file() in pkcs15init;
* heap buffer overflow in sc_hsm_write_ef() in pkcs15init;
* stack buffer overflow while parsing pkcs15 profile files;
* stack buffer overflow in muscle driver in pkcs15init; and
* stack buffer overflow in cardos driver in pkcs15init.
All of these require physical access to the computer at the time
user or administrator would be enrolling the cards (generating keys
and loading certificates, other card/token management) operations.
The attack requires crafted USB device or smart card that would
present the system with specially crafted responses to the APDUs so
they are considered a high-complexity and low-severity. This issue
is not exploitable just by using a PKCS#11 module as done in most of
the end-user deployments.
0.19.0-1+deb10u3