CVE-2008-2235 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-2235
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-2235

Description: OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/44140 SUSE http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html SAID Secunia Advisory: SA31330 Secunia Advisory: SA31360 Secunia Advisory: SA32099 Secunia Advisory: SA33115 Secunia Advisory: SA34362 MLIST http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:183 GENTOO http://security.gentoo.org/glsa/glsa-200812-09.xml FEDORA DEBIAN http://lists.debian.org/debian-security-announce/2008/msg00212.html CONFIRM http://www.opensc-project.org/security.html BID 30473

Return to the previous page.