CVE-2008-2235

NameCVE-2008-2235
DescriptionOpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1627-2
NVD severitymedium (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
opensc (PTS)wheezy0.12.2-3fixed
jessie0.14.0-2fixed
stretch0.16.0-3fixed
buster, sid0.17.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openscsource(unstable)0.11.4-4medium
openscsourceetch0.11.1-2etch2mediumDSA-1627-2

Notes

https://web.archive.org/web/20081222095654/http://www.opensc-project.org/security.html

Search for package or bug name: Reporting problems