CVE-2008-2235

OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://secunia.com/advisories/31330
http://secunia.com/advisories/31360
http://secunia.com/advisories/32099
http://secunia.com/advisories/33115
http://secunia.com/advisories/34362
http://security.gentoo.org/glsa/glsa-200812-09.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:183
http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html
http://www.opensc-project.org/security.html
http://www.securityfocus.com/bid/30473 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/44140
https://www.debian.org/security/2008/dsa-1627
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html
Configurations

Configuration 1

AND
cpe:2.3:o:siemens:cardos:m4:*:*:*:*:*:*:*
OR cpe:2.3:a:opensc-project:opensc:0.3.2:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.3.5:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.8:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.9:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.9.7:b:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.9.7:d:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.11.0:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.11.1:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.11.2:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.11.3:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.11.3:pre3:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.11.4:*:*:*:*:*:*:*

History

21 Nov 2024, 00:46

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html - () http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html -
References () http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html - () http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html -
References () http://secunia.com/advisories/31330 - () http://secunia.com/advisories/31330 -
References () http://secunia.com/advisories/31360 - () http://secunia.com/advisories/31360 -
References () http://secunia.com/advisories/32099 - () http://secunia.com/advisories/32099 -
References () http://secunia.com/advisories/33115 - () http://secunia.com/advisories/33115 -
References () http://secunia.com/advisories/34362 - () http://secunia.com/advisories/34362 -
References () http://security.gentoo.org/glsa/glsa-200812-09.xml - () http://security.gentoo.org/glsa/glsa-200812-09.xml -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:183 - () http://www.mandriva.com/security/advisories?name=MDVSA-2008:183 -
References () http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html - () http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html -
References () http://www.opensc-project.org/security.html - () http://www.opensc-project.org/security.html -
References () http://www.securityfocus.com/bid/30473 - Patch () http://www.securityfocus.com/bid/30473 - Patch
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/44140 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/44140 -
References () https://www.debian.org/security/2008/dsa-1627 - () https://www.debian.org/security/2008/dsa-1627 -
References () https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html - () https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html -

Information

Published : 2008-08-01 14:41

Updated : 2024-11-21 00:46


NVD link : CVE-2008-2235

Mitre link : CVE-2008-2235

CVE.ORG link : CVE-2008-2235



Products Affected

opensc-project

  • opensc

siemens

  • cardos
CWE
CWE-310

Cryptographic Issues