CVE-2008-2235

NameCVE-2008-2235
DescriptionOpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1627-2
NVD severitymedium (attack range: local)
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
opensc (PTS)squeeze0.11.13-1.1fixed
wheezy0.12.2-3fixed
jessie, sid0.14.0-1fixed

The information above is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openscsource(unstable)0.11.4-4medium
openscsourceetch0.11.1-2etch2mediumDSA-1627-2

Notes

http://www.opensc-project.org/security.html

Search for package or bug name: Reporting problems