-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
X41 D-Sec GmbH Security Advisory: X41-2018-004
Multiple Vulnerabilities in Yubico libykneomgr
=====& -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
X41 D-Sec GmbH Security Advisory: X41-2018-004
Multiple Vulnerabilities in Yubico libykneomgr
==============================================
Overview
- --------
Confirmed Affected Versions: 0.1.9
Confirmed Patched Versions: -
Vendor: Yubico / Depreciated
Vendor URL: https://www.yubico.com/
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:
https://www.x41-dsec.de/lab/advisories/x41-2018-004-libykneomgr/
Summary and Impact
- ------------------
An out of bounds write and read was discovered when malicious
responses from a smartcard are received. These might lead to memory
corruptions. We assume that these are not easily exploitable.
X41 did not perform a full test or audit on the software.
Please note that the library is deprecated for more than a year and no
update
will be published by the vendor.
Product Description
- -------------------
This is a C library to interact with the CCID-part of the YubiKey NEO.
There is a command line tool "ykneomgr" for interactive use. It
supports querying the YubiKey NEO for firmware version, operation mode
(OTP/CCID) and serial number. You may also mode switch the device and
manage applets (list, delete and install).
Out of Bounds Read/Writes
=========================
Severity Rating: Medium
Vector: APDU Response
CVE:
CWE: 120
CVSS Score: 7.1 (High)
CVSS Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary and Impact
- ------------------
File lib/backendpcsc.c contains the following code in function
`backendappletlist()`
{% highlight c %}
{
sizet i;
sizet thislen = recv[length++];
for (i = 0; i < thislen; i++)
{
if (appletstr)
{
if (reallen + 2 > *len)
{
return YKNEOMGRBACKENDERROR;
}
sprintf (p, "%02x", recv[length]);
p += 2;
}
reallen += 2;
length++;
}
if (appletstr)
{
if (reallen + 1 > *len)
{
return YKNEOMGRBACKENDERROR;
}
*p = '
Yubico 0.1.9 libykneomgr Out Of Bounds Read Write
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 255