Vulnerability Description
OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | CardOS | M4 |
| OpenSC Project | OpenSC | 0.3.2 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://secunia.com/advisories/31330
- http://secunia.com/advisories/31360
- http://secunia.com/advisories/32099
- http://secunia.com/advisories/33115
- http://secunia.com/advisories/34362
- http://security.gentoo.org/glsa/glsa-200812-09.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:183
- http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html
- http://www.opensc-project.org/security.html
- http://www.securityfocus.com/bid/30473 (Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44140
- https://www.debian.org/security/2008/dsa-1627
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html
FAQ
What is CVE-2008-2235?
CVE-2008-2235 is a vulnerability with a CVSS score of 4.9 (MEDIUM). OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proxima...
How severe is CVE-2008-2235?
CVE-2008-2235 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-2235?
Check the references section above for vendor advisories and patch information. Affected products include Siemens CardOS and OpenSC Project OpenSC.