CVE-2008-3972 Information

Description

pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card’s label matches the \OpenSC\ string which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched as demonstrated by exploitation of CVE-2008-2235.

Reference

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html http://secunia.com/advisories/32099 http://secunia.com/advisories/34362 http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html http://www.openwall.com/lists/oss-security/2008/09/09/14 https://exchange.xforce.ibmcloud.com/vulnerabilities/45045 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html