CVE-2008-3972

pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:opensc-project:opensc:*:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.11.0:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.11.1:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.11.2:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.11.3:*:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.11.3:pre3:*:*:*:*:*:*
cpe:2.3:a:opensc-project:opensc:0.11.4:*:*:*:*:*:*:*
cpe:2.3:o:siemens:cardos:m4:*:*:*:*:*:*:*

History

21 Nov 2024, 00:50

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html - () http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html -
References () http://secunia.com/advisories/32099 - () http://secunia.com/advisories/32099 -
References () http://secunia.com/advisories/34362 - () http://secunia.com/advisories/34362 -
References () http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html - () http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html -
References () http://www.openwall.com/lists/oss-security/2008/09/09/14 - () http://www.openwall.com/lists/oss-security/2008/09/09/14 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/45045 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/45045 -
References () https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html - () https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html -

Information

Published : 2008-09-11 01:13

Updated : 2024-11-21 00:50


NVD link : CVE-2008-3972

Mitre link : CVE-2008-3972

CVE.ORG link : CVE-2008-3972


JSON object : View

Products Affected

opensc-project

  • opensc

siemens

  • cardos
CWE
CWE-264

Permissions, Privileges, and Access Controls