CVE-2009-0368

OpenSC < 0.11.7 - Unauthenticated Private Data Object Read via Low-Level APDU Command


Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0368. PoCs published by Andreas Jellinghaus.

AI-analyzed exploit summary: This exploit demonstrates an unauthorized access vulnerability in OpenSC prior to version 0.11.7. It involves creating a secret file, initializing a blank card, writing a private data object, and accessing it using low-level tools, bypassing intended access controls.

Description

OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Andreas Jellinghaus · text · local · linux
https://www.exploit-db.com/exploits/32820

Classification: Working Poc 90%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: OpenSC < 0.11.7
No auth needed
Prerequisites: Access to a system with OpenSC tools installed · A blank smart card
devstral-2 · analyzed Feb 16, 2026

References (15)

Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34120
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33922
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48958
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34362
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35065
Patch mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2009/02/26/1
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1734
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34377
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36074
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34052
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200908-01.xml

Scores

EPSS 0.0038
EPSS Percentile 59.8%

Details

CWE: CWE-310
Status: published
Products (28)
opensc-project/opensc 0.3.2
opensc-project/opensc 0.3.5
opensc-project/opensc 0.4.0
opensc-project/opensc 0.5.0
opensc-project/opensc 0.6.0
opensc-project/opensc 0.6.1
opensc-project/opensc 0.7.0
opensc-project/opensc 0.8
opensc-project/opensc 0.8.0
opensc-project/opensc 0.8.0.0
... and 18 more
Published Mar 02, 2009
Tracked Since Feb 18, 2026