pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 00:50
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html - | |
References | () http://secunia.com/advisories/32099 - | |
References | () http://secunia.com/advisories/34362 - | |
References | () http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html - | |
References | () http://www.openwall.com/lists/oss-security/2008/09/09/14 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/45045 - | |
References | () https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html - |
Information
Published : 2008-09-11 01:13
Updated : 2024-11-21 00:50
NVD link : CVE-2008-3972
Mitre link : CVE-2008-3972
CVE.ORG link : CVE-2008-3972
JSON object : View
Products Affected
opensc-project
- opensc
siemens
- cardos
CWE
CWE-264
Permissions, Privileges, and Access Controls