Multiple vulnerabilities in KoSIT OSCI-Transport Library
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2017-10668 CVE-2017-10669 CVE-2017-10670 |
| CWE-ID | CWE-696 CWE-776 CWE-611 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
OSCI-Transport Library Universal components / Libraries / Libraries used by multiple products |
| Vendor | KoSIT |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Padding oracle attack
EUVDB-ID: #VU7318
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-10668
CWE-ID:
CWE-696 - Incorrect Behavior Order
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to conduct a padding oracle attack.
The weakness exists in the encryption library due to a flaw in implementation of a number of deprecated encryption algorithms (Triple DES, AES 129, AES 192, and AES 256, all in CBC mode). A remote attacker can conduct man-in-the-middle attack to analyse the CBC mode padding and decrypt the transport encryption.
Successful exploitation of the vulnerability results in decryption of the transport encryption.
Update to version 1.7.1.
OSCI-Transport Library: 1.6.1
CPE2.3 External linkshttps://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Signature wrapping attack
EUVDB-ID: #VU7319
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-10669
CWE-ID:
CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to conduct a signature wrapping attack.
The weakness exists in the encryption library due to XML entity expansion. A remote attacker can move XML elements within the document tree and modify the contents of a signed message arbitrarily without invalidating the signature.
Successful exploitation of the vulnerability results in content modification.
Update to version 1.7.1.
OSCI-Transport Library: 1.6.1
CPE2.3 External linkshttps://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) XXE attack
EUVDB-ID: #VU7320
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-10670
CWE-ID:
CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to conduct XXE attack.
The weakness exists in the encryption library due to improper handling of XML External Entity (XXE) entries when parsing an XML file. A remote attacker can send manipulated XML data to any communication partner and read arbitrary files from the file system of the victim host or cause DoS condition.
Successful exploitation of the vulnerability may result in information disclosure or denial of service.
Update to version 1.7.1.
OSCI-Transport Library: 1.6.1
CPE2.3 External linkshttps://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
