Date: Thu, 26 Feb 2009 19:27:06 +0100
From: Andreas Jellinghaus <aj@...geon.inka.de>
To: oss-security@...ts.openwall.com
Subject: OpenSC Security Advisory

OpenSC today released a new version OpenSC 0.11.7 with these changes:

* hide_empty_slots now on by default.
* pinpad support fixed for Mac OS X.
* ruToken driver was updated.
* openct virtual readers reduced to 2 by default.
* link with iconv on Mac OS X for i18n support.
* Security issue: Fix private data support.
* Enable lock_login by default.
* Disable allow_soft_keygen by default.

Regards, Andreas Jellinghaus
aj@...nsc-project.org

Security update for OpenSC
==========================

OpenSC Security Advisory [26-Feb-2009] CVE-2009-0368
----------------------------------------------------

OpenSC stores private data without proper access restrictions.

User "b.badrignans" reported this security problem on December 4th, 2008.

In June 2007 support for private data objects was added to OpenSC. Only later a severe security bug was found: while the OpenSC PKCS#11 implementation requires PIN verification to access the data, low level APDU commands or debugging tools like opensc-explorer or opensc-tool can access the private data without any authentication. This was fixed in OpenSC 0.11.7.

RSA keys are not affected by this security problem.

National eID cards and other cards initialised by other software are not affected by this problem. Only blank cards initialised with OpenSC are affected by this problem.

It is not known if the problem is limited to some drivers, but we believe all drivers are affected. We could only test very few cards, but all of them had the problem, and the fix worked on all of them. All other cards are completely untested, for both the problem and the fix.

This fix only improves creating new private data objects. Cards already initialised with such private data objects need to be modified to repair the access control conditions on such cards.
One way to do that is to erase the card and re-initialise it, but doing this you would lose all content on the card, including RSA private keys. An alternative is to download the private data object(s) to your PC, delete them on the card, and store them once more on the card with the new, fixed version of OpenSC. This procedure has been tested with success on some cards, but no guarantee of any kind can be given.

WARNING! Only follow this procedure if you know what you are doing. This could damage your card or erase all data on it! No warranty of any kind, you are on your own! WARNING!

Testing your card:

To create a file with a secret:

  echo "This is my secret data" > secret-file

To initialise a blank card:

  pkcs15-init --create-pkcs15 --use-default-transport-keys \
      --profile pkcs15+onepin --pin 123456 --puk 78907890

To write a private data object to the card:

  pkcs11-tool --label "my secret" --type data --write-object secret-file \
      --private --login --pin 123456

To see all objects on the card:

  pkcs15-tool --dump

This will list the data object, including the path it is stored at, e.g.:

  "Path: 3f0050154701"

To access such an object with low level tools:

  opensc-explorer
  cd 5015
  get 4701

New versions of OpenSC will not allow this to succeed. For older versions the file name is usually 4601 for the first data object (private or not), and it is never protected, thus you can download the content with the get command.

After testing you can erase a card with this command:

  pkcs15-init --erase-card --use-default-transport-keys

WARNING! Only follow this procedure if you know what you are doing. This could damage your card or erase all data on it! No warranty of any kind, you are on your own! WARNING!

Other security changes
----------------------

When OpenSC was created some cards could already create RSA keys on card, but other popular cards could only execute signing and decryption on card, but not create RSA keys. The OpenSC code was written to use the hardware RSA key creation if the card supports it, and - to make things easier for everyone - to create an RSA key in software if the card does not support it. This could always be turned off with the "soft_keygen_allowed" option in the config file. We have not heard of any user of such old cards without the capability to create RSA keys for a long time. Thus we changed the default of the soft_keygen_allowed option to false in OpenSC 0.11.7. Users of Siemens CardOS based smart cards will still need to turn this option on if they want to use the "split-key" option to work around limitations in the CardOS card operating system (not being able to have RSA keys valid for both signing and decryption).

OpenSC used to lock access to a smart card when applications used the Login function with OpenSC. This option was disabled by default a while ago, because popular applications like Firefox and Thunderbird call the Login function when they are started (and OpenSC is configured as PKCS#11 module). If locking is enabled, you cannot run both applications at the same time, as the first gets the lock, and the second is stuck until the first application is quit. Also you can't use any other application at the same time; for example you can't use a screensaver with smart card authentication. Still we revised this default setting in OpenSC 0.11.7 and enabled lock_login by default. This will harm all users of several concurrent applications trying to use smart cards. But without locking we cannot rule out the possibility of a security issue in some race scenario. Also some applications seem to not work properly without lock_login enabled.
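The card test described in "Testing your card" above can be scripted. This is an added example, not part of the advisory or of the OpenSC project: it turns the "Path:" lines of pkcs15-tool --dump into the opensc-explorer "cd"/"get" steps shown above and reports any object file that could be downloaded without PIN verification. The sample dump is constructed; that opensc-explorer accepts its commands on stdin and that "get <fid> <outfile>" writes to the named local file are assumptions.

```shell
#!/bin/sh
# Added example, not from the advisory: replay the advisory's opensc-explorer
# steps for every object path on a card and flag files readable without a PIN.

# Constructed sample of the relevant lines of `pkcs15-tool --dump`.
SAMPLE_DUMP='Data object: my secret
        Path: 3f0050154701
Data object: a second object
        Path: 3f0050154702'

# Read a pkcs15-tool --dump listing on stdin; print each "Path:" value.
object_paths() {
    sed -n 's/^[[:space:]]*Path:[[:space:]]*\([0-9A-Fa-f]*\).*/\1/p'
}

# Paths found in the constructed sample, space separated (used by the self-test).
sample_paths() {
    printf '%s\n' "$SAMPLE_DUMP" | object_paths | xargs
}

# Turn a path like 3f0050154701 into the explorer script "cd 5015 / get 4701":
# 3f00 is the MF where opensc-explorer starts, intermediate ids become "cd",
# the last id becomes "get <fid> <outfile>" ($2 is the local output file).
explorer_script() {
    p=$1
    case $p in 3f00*|3F00*) p=${p#????} ;; esac
    while [ ${#p} -gt 4 ]; do
        printf 'cd %.4s\n' "$p"
        p=${p#????}
    done
    printf 'get %s %s\n' "$p" "$2"
}

# Against a real card: try every listed path without any PIN verification.
# Returns 1 (and lists the paths) if any file came back readable, 2 on tool error.
check_card() {
    tmp=$(mktemp -d) || return 2
    dump=$(pkcs15-tool --dump) || { rm -rf "$tmp"; return 2; }
    bad=0
    for path in $(printf '%s\n' "$dump" | object_paths); do
        explorer_script "$path" "$tmp/$path" | opensc-explorer >/dev/null 2>&1
        if [ -s "$tmp/$path" ]; then
            echo "readable without PIN: $path"
            bad=1
        fi
    done
    rm -rf "$tmp"
    return $bad
}
```

Run check_card with a card inserted; a non-zero exit with listed paths means the card still carries files a fixed OpenSC would have protected and needs the re-initialisation procedure above.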
Security fixes available
------------------------

http://www.opensc-project.org/files/opensc/opensc-0.11.7.tar.gz

md5sum opensc-0.11.7.tar.gz
419e9be372c2f9bbb3ce9704c929d5ec  opensc-0.11.7.tar.gz

sha1sum opensc-0.11.7.tar.gz
f91f66bb350d94c07fb01e427c936ce56f1c7d0d  opensc-0.11.7.tar.gz

sha256sum opensc-0.11.7.tar.gz
6dab273cbdba8e92c59207715199f48f4f9e541e6d873561e30154bd40c4011d

In our subversion repository the private data fix is available as revision 3605, the new default settings are committed in revision 3604. Note however that we can support only released versions of OpenSC and current trunk. If you have a problem with an older version or patched version, you need to try the latest release.

State of OpenSC
===============

I believe that security software should be simple, well designed, well written and actively maintained by a dedicated team. I'm sad to inform you that OpenSC is a rather large and complex software, the design shows that it has clearly grown over the years. Most developers stopped being interested in smart cards many years ago, only few are left, of those nearly no one actually uses smart cards day to day. Time for improving OpenSC is scarce if it exists at all, and not a single developer knows the OpenSC core code in detail.

OpenSC is working fine for some applications, like using it with openssh for smart card authenticated ssh login, or for console login with a pam module, or testing and learning about smart cards. But in general you need to judge yourself if the state of OpenSC is compatible with your requirements.

The project needs more developers and a new project maintainer. If you are interested in spending your free time to work with smart cards, we would like to welcome you to the project, and will try to help you and support your work.

Binary distributions
====================

Our Mac OS X Installer Package "SCA" is well maintained and a new version including this new version will be available soon. All versions up to and including 0.2.4.1 are vulnerable, but the new experimental 0.2.5-pre1 and the final 0.2.5 will include the fixed OpenSC 0.11.7.

Our old Windows Installer Package "SCB" is also affected by this vulnerability: all versions are affected. We don't have any Windows developer left, so no one can update this package.

New Windows binaries built using mingw are available in the "Build" project. Versions 001 and 002 are both vulnerable, a new version 003 with OpenSC 0.11.7 will be available soon.

Contact and Feedback
====================

If you have questions or feedback, please do not hesitate to contact us on our mailing lists "opensc-devel" or "opensc-user". You need to subscribe to these lists before posting, as we are getting a lot of spam each day and do not have the resources to sort out valid email.

Regards, Andreas Jellinghaus
aj@...nsc-project.org