Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3972

Overview

Vulnerability Score 6.6 6.6
CVE Id CVE-2008-3972
Last Modified 25 Mar 2009 01:43:12
Published 10 Sep 2008 09:13:47
Confidentiality Impact NONE NONE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-3972

Summary

pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.

Vulnerable Systems

Application

  • Opensc-project Opensc 0.10.0

  • Opensc-project Opensc 0.10.1

  • Opensc-project Opensc 0.11.0

  • Opensc-project Opensc 0.11.1

  • Opensc-project Opensc 0.11.2

  • Opensc-project Opensc 0.11.3

  • Opensc-project Opensc 0.11.4

  • Opensc-project Opensc 0.11.5

  • Opensc-project Opensc 0.4.0

  • Opensc-project Opensc 0.5.0

  • Opensc-project Opensc 0.6.0

  • Opensc-project Opensc 0.6.1

  • Opensc-project Opensc 0.7.0

  • Opensc-project Opensc 0.8.0

  • Opensc-project Opensc 0.8.1

  • Opensc-project Opensc 0.9.2

  • Opensc-project Opensc 0.9.3

  • Opensc-project Opensc 0.9.4

  • Opensc-project Opensc 0.9.5

  • Opensc-project Opensc 0.9.6


References

FEDORA - FEDORA-2009-2267

XF - opensc-pkcs15tool-weak-security(45045)

MLIST - [oss-security] 20080909 Re: opensc 0.11.6 with fixed security update

MLIST - [opensc-announce] 20080827 opensc 0.11.6 with fixed security update

SECUNIA - 34362

SECUNIA - 32099

SUSE - SUSE-SR:2008:019


Last Updated: 27 May 2016 10:48:22