CVE-2008-2235

NameCVE-2008-2235
DescriptionOpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1627-2

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
opensc (PTS)jessie, jessie (lts)0.16.0-3+deb8u3fixed
stretch (security), stretch (lts), stretch0.16.0-3+deb9u2fixed
buster (security), buster, buster (lts)0.19.0-1+deb10u3fixed
bullseye0.21.0-1fixed
bookworm0.23.0-0.3+deb12u1fixed
sid, trixie0.25.1-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openscsourceetch0.11.1-2etch2DSA-1627-2
openscsource(unstable)0.11.4-4

Notes

https://web.archive.org/web/20081222095654/http://www.opensc-project.org/security.html

Search for package or bug name: Reporting problems