Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.9
CVE Id CVE-2008-2235
Last Modified 25 Mar 2009 01:38:37
Published 01 Aug 2008 10:41:00
Confidentiality Impact NONE
Integrity Impact COMPLETE
Availability Impact NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-2235

Summary

OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.

Vulnerable Systems

Application

  • Opensc-project Opensc 0.11.0

  • Opensc-project Opensc 0.11.1

  • Opensc-project Opensc 0.11.2

  • Opensc-project Opensc 0.11.3

  • Opensc-project Opensc 0.11.4

  • Opensc-project Opensc 0.3.2

  • Opensc-project Opensc 0.3.5

  • Opensc-project Opensc 0.4.0

  • Opensc-project Opensc 0.6.0

  • Opensc-project Opensc 0.6.1

  • Opensc-project Opensc 0.7.0

  • Opensc-project Opensc 0.8

  • Opensc-project Opensc 0.8.0.0

  • Opensc-project Opensc 0.8.1

  • Opensc-project Opensc 0.9

  • Opensc-project Opensc 0.9.6

  • Opensc-project Opensc 0.9.7

  • Opensc-project Opensc 0.9.8


References

BID - 30473

FEDORA - FEDORA-2009-2267

XF - opensc-smartcard-cryptotoken-weak-security(44140)

CONFIRM - http://www.opensc-project.org/security.html

MLIST - [opensc-announce] 20080731 OpenSC Security Vulnerability and new Versions of OpenSC, OpenCT, LibP11, Pam_P11, Engine_PKCS11

MANDRIVA - MDVSA-2008:183

GENTOO - GLSA-200812-09

SECUNIA - 34362

SECUNIA - 33115

SECUNIA - 32099

SECUNIA - 31360

SECUNIA - 31330

SUSE - SUSE-SR:2009:004

SUSE - SUSE-SR:2008:019

DEBIAN - DSA-1627

Related Patches

Novell SUSE 2008:5493 opensc security update for SLE 10 i586

Novell SUSE 2008:5588 opensc security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:47:48