|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-1: CVE-2019-16058: pam_p11: buffer overflow if a smart card creates a signature with a length longer than 256 bytes | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Alexandros Toptsoglou <atoptsoglou> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P4 - Low | CC: | carlos.lopez, kstreitova, smash_bz |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/241921/ | ||
| Whiteboard: | CVSSv3:SUSE:CVE-2019-16058:4.9:(AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H) maint:planned:update | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Alexandros Toptsoglou
2019-09-09 14:31:33 UTC
Tracked as affected both SLE11 and SLE12 This isn't an issue in SLE11 and SLE12. A buffer with length of 256 is passed to PKCS11_sign() along with a pointer to the variable that holds the length of the buffer. The chain continues to C_Sign() in our opensc package. Within C_Sign() the actual signature size is retrieved and then compared to the buffer size. If the buffer is too small to hold the signature then an error value is returned and the buffer is unchanged. C_Sign() checks the buffer size in both: * opensc-0.11.6 (SLE11) and: * opensc-0.13.0 (SLE12). Therefore, both SLE11 and SLE12 are not affected. Assigning to @security-team Not affected, closing. |