CVE-2008-2235 Information

Feb 14, 2021 cve

Description

OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4 which allows physically proximate attackers to change the PIN.

Reference

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/31330 http://secunia.com/advisories/31360 http://secunia.com/advisories/32099 http://secunia.com/advisories/33115 http://secunia.com/advisories/34362 http://security.gentoo.org/glsa/glsa-200812-09.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:183 http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html http://www.opensc-project.org/security.html http://www.securityfocus.com/bid/30473 https://exchange.xforce.ibmcloud.com/vulnerabilities/44140 https://www.debian.org/security/2008/dsa-1627 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html

Share on: