CVE-2008-2235

NameCVE-2008-2235
DescriptionOpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1627-2

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
opensc (PTS)bullseye0.21.0-1fixed
bullseye (security)0.21.0-1+deb11u1fixed
bookworm0.23.0-0.3+deb12u2fixed
sid, trixie0.26.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openscsourceetch0.11.1-2etch2DSA-1627-2
openscsource(unstable)0.11.4-4

Notes

https://web.archive.org/web/20081222095654/http://www.opensc-project.org/security.html
Search for package or bug name: Reporting problems