Vulnerability Description
pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensc-Project | Opensc | <= 0.11.5 |
| Siemens | Cardos | m4 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
- http://secunia.com/advisories/32099
- http://secunia.com/advisories/34362
- http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html
- http://www.openwall.com/lists/oss-security/2008/09/09/14
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45045
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
- http://secunia.com/advisories/32099
- http://secunia.com/advisories/34362
- http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html
- http://www.openwall.com/lists/oss-security/2008/09/09/14
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45045
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html
FAQ
What is CVE-2008-3972?
CVE-2008-3972 is a vulnerability with a CVSS score of 6.6 (MEDIUM). pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vul...
How severe is CVE-2008-3972?
CVE-2008-3972 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3972?
Check the references section above for vendor advisories and patch information. Affected products include: Opensc-Project Opensc, Siemens Cardos.