CVE-2008-2235

Published: Aug 1, 2008Modified: Apr 23, 2026

4.9

Vector

AV:L/AC:L/Au:N/C:N/I:C/A:N

Exploitability: 3.9 / Impact: 6.9

Source: NVD

Description

OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.

Affected (21)

Products: Opensc Project: Opensc

1 product

Configuration A

21 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Opensc Project Opensc	Version 0.11.0
Opensc Project Opensc	Version 0.11.1
Opensc Project Opensc	Version 0.11.2
Opensc Project Opensc	Version 0.11.3
Opensc Project Opensc	Version 0.11.3 pre3
Opensc Project Opensc	Version 0.11.4
Opensc Project Opensc	Version 0.3.2
Opensc Project Opensc	Version 0.3.5
Opensc Project Opensc	Version 0.4.0
Opensc Project Opensc	Version 0.6.0
Opensc Project Opensc	Version 0.6.1
Opensc Project Opensc	Version 0.7.0
Opensc Project Opensc	Version 0.8.0.0
Opensc Project Opensc	Version 0.8.1
Opensc Project Opensc	Version 0.8
Opensc Project Opensc	Version 0.9.6
Opensc Project Opensc	Version 0.9.7
Opensc Project Opensc	Version 0.9.7 b
Opensc Project Opensc	Version 0.9.7 d
Opensc Project Opensc	Version 0.9.8
Opensc Project Opensc	Version 0.9

Running on/with	Platform Versions
Siemens Cardos	Version m4

Related CWEs

References (30)

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

Source: cve@mitre.org

http://secunia.com/advisories/31330

Source: cve@mitre.org

http://secunia.com/advisories/31360

Source: cve@mitre.org

http://secunia.com/advisories/32099

Source: cve@mitre.org

http://secunia.com/advisories/33115

Source: cve@mitre.org

http://secunia.com/advisories/34362

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200812-09.xml

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2008:183

Source: cve@mitre.org

http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html

Source: cve@mitre.org

http://www.opensc-project.org/security.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/30473

Source: cve@mitre.org

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/44140

Source: cve@mitre.org

https://www.debian.org/security/2008/dsa-1627

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31330

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31360

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32099

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/33115

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34362

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200812-09.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2008:183

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.opensc-project.org/security.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/30473

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/44140

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2008/dsa-1627

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.