Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 26 Feb 2009 19:27:06 +0100
From: Andreas Jellinghaus <>
Subject: OpenSC Security Advisory

OpenSC today released a new version OpenSC 0.11.7 with these changes:
* hide_empty_slots now on by default.
* pinpad supported fixed for Mac OS X.
* ruToken driver was updated.
* openct virtual readers reduced to 2 by default.
* link with iconv on Mac OS X for i18n support.
* Security issue: Fix private data support.
* Enable lock_login by default.
* Disable allow_soft_keygen by default.

Regards, Andreas Jellinghaus

Security update for OpenSC

OpenSC Security Advisory [26-Feb-2009] CVE-2009-0368

OpenSC stores private data without proper access restrictions.

User "b.badrignans" reported this security problem on December 4th, 2008.
In June 2007 support form private data objects was added to OpenSC. Only later
a severe security bug was found out: while the OpenSC PKCS#11 implementation
requires PIN verification to access the data, low level APDU commands or 
debugging tools like opensc-explorer or opensc-tool can access the private 
data without any authentication. This was fixed in OpenSC 0.11.7.

RSA keys are not affected by this security problem. National eID cards and 
other cards initialised by other software are not affected by this problem. 
Only blank cards initialised with OpenSC are affected by this problem. It is 
not known if the problem is limited to some drivers, but we believe all 
drivers are affected. We could only test very few cards, but all of them had 
the problem, and the fix worked on all of them. All other cards are completely 
untested for either.

This fix only improves creating new private data objects. Cards already 
initialised with such private data objects need to be modified to repair the 
access control conditions on such cards. One way to do that is to erase the 
card and re-initialise it, but doing this you would loose all content on the 
card, including RSA private keys. An alternative is to download the private 
data object(s) to your PC, delete them on the card, and store them once more 
on the card with the new, fixed version of OpenSC. This procedure has been
tested with success on some cards, but no guaranty of any kind can be given.

WARNING! Only follow this procedure if you know what you are doing.
This could damage your card or erase all data on it! No warranty of any kind,
you are on your own! WARNING!

Testing your card:
  To create a file with a secret:
    echo "This is my secret data" > secret-file
  To initialise a blank card:
    pkcs15-init  --create-pkcs15  --use-default-transport-keys \
        --profile pkcs15+onepin --pin 123456 --puk 78907890

  To write a private data object to the card:
    pkcs11-tool --label "my secret"  --type data --write-object secret-file \
         --private --login --pin 123456
  To see all objects on the card:
     pkcs15-tool --dump
     This will list the data object, including the path it is stored, e.g.:
     "Path:            3f0050154701"

  To access such an object with low level tools:
    cd 5015
    get 4701

    New versions of OpenSC will not allow this to succeed. For older
    versions the file name is usually 4601 for the first data object
    (private or not), and it is never protected, thus you can download
    the content with the get command.
  After testing you can erase a card with this command:
    pkcs15-init --erase-card --use-default-transport-keys
WARNING! Only follow this procedure if you know what you are doing.
This could damage your card or erase all data on it! No warranty of any kind,
you are on your own! WARNING!

Other security changes

When OpenSC was created some cards could already create RSA keys on card,
but other popular cards could only execute signing and decryption on card,
but not create RSA key. The OpenSC code was written to use the hardware RSA
key creation, if the card supports it, and - to make things easier for 
everyone - to create an RSA key in software, if the card does not support it. 
This could always be turned off with the "soft_keygen_allowed" in the config 

We have not heard of any user of such old cards without the capability to 
create RSA keys for a long time. Thus we changed the default of the 
soft_keygen_allowed option to false in OpenSC 0.11.7. Users of Siemens CardOS 
based smart cards will still need to turn this option on, if they want to use 
the "split-key" option to work around limitations in the CardOS card operating 
system (not being able to have RSA keys valid for both signing and 

OpenSC used to lock access to a smart card, when applications used the Login
function with OpenSC. This option was disabled by default a while ago, because
popular applications like Firefox and Thunderbird call the Login function when
they are started (and OpenSC is configured as PKCS#11 module). If locking is
enabled, you cannot run both applications at the same time, as the first gets
the lock, and the second is stuck till the first application is quit. Also 
you can't use any other application at the same time, for example you can't
use a screensaver with smart card authentication.

Still we revised this default setting in OpenSC 0.11.7 and enabled lock_login
by default. This will harm all users of several concurrent applications trying
to use smart cards. But without locking we cannot rule out the possibility of
a security issue in some race scenario. Also some applications seem to not 
work properly without lock_login enabled.

Security fixes available

md5sum opensc-0.11.7.tar.gz 
419e9be372c2f9bbb3ce9704c929d5ec  opensc-0.11.7.tar.gz

sha1sum opensc-0.11.7.tar.gz 
f91f66bb350d94c07fb01e427c936ce56f1c7d0d  opensc-0.11.7.tar.gz

sha256sum opensc-0.11.7.tar.gz 

In our subversion repository the private data fix is available as revision 
3605, the new default settings are commited in revision 3604. Note however 
that we can support only released versions of OpenSC and current trunk. If you 
have a problem with an older version or patched version, you need to try the 
latest release.

State of OpenSC

I believe that security software should be simple, well designed, well writen
and actively maintained by a dedicated team.

I'm sad to inform you that OpenSC is a rather large and complex software,
the design shows that is clearly grown over the years. Most developers stopped
being interested in smart cards many years ago, only few are left, of those
nearly noone actually uses smart cards day to day. Time for improving OpenSC
is scarce if it exists at all, and not a single developer knows the OpenSC
core code in detail.

OpenSC is working fine for some applications, like using it with openssh
for smart card authenticated ssh login, or for console login with a pam 
module, or testing and learning about smart cards. But in general you need to 
judge yourself if the state of OpenSC is compatible with your requirements.

The projects needs more developers and a new project maintainer. If you are 
interested in spending your free time to work with smart cards, we would like 
to welcome you to the project, and will try to help you and support your work.

Binary distributions

Our Mac OS X Installer Package "SCA" is well maintained and a new version
including this new version will be available soon. Al versions up to and
including are vulnerable, but the new experimental 0.2.5-pre1
and the final 0.2.5 will include the fixed OpenSC 0.11.7.

Our old Windows Installer Package "SCB" is also affected by this 
vulnerability: All versions are affected. We don't have any windows developer 
left, so no one can update this package.

New windows binaries build using mingw are available in the "Build" project. 
Version 001 and 002 are both vulnerable, a new version 003 with OpenSC 0.11.7 
will be soon available.

Contact and Feedback

If you have questions or feedback, please do not hesitate to contact us on our 
mailing lists "opensc-devel" or "opensc-user". You need to subscribe to these 
lists before posting, as we are getting a lot of spam each day and do not have 
the resource to sort out valid email.

Regards, Andreas Jellinghaus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.