exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2008-2235

Status Candidate

Overview

OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.

Related Files

Gentoo Linux Security Advisory 200812-9
Posted Dec 10, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-09 - Smart cards formatted using OpenSC do not sufficiently protect the PIN, allowing attackers to reset it. Chaskiel M Grundman reported that OpenSC uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4. Versions less than 0.11.6 are affected.

tags | advisory, cryptography
systems | linux, gentoo
advisories | CVE-2008-2235
SHA-256 | c6ee2a4b61e4dbad6fbde8d1cdb450da973718cd1afa12d10b3c625df252fae9
Mandriva Linux Security Advisory 2008-183
Posted Sep 3, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Chaskiel M Grundman found that OpenSC would initialize smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN without first having the PIN or PUK, or the superuser's PIN or PUK. Please note that this issue can not be used to discover the PIN on a card. If the PIN on a card is the same that was always there, it is unlikely that this vulnerability has been exploited. As well, this issue only affects smart cards and USB crypto tokens based on Siemens CardOS M4, and then only those devices that were initialized by OpenSC. Users of other smart cards or USB crypto tokens, or cards that were not initialized by OpenSC, are not affected. After applying the update, executing 'pkcs15-tool -T' will indicate whether the card is fine or vulnerable. If the card is vulnerable, the security settings need to be updated by executing 'pkcs15-tool -T -U'. The updated packages have been patched to prevent this issue.

tags | advisory, cryptography
systems | linux, mandriva
advisories | CVE-2008-2235
SHA-256 | ba09b1a1c5d45943d35cfa80f8251de261f5dd57c0789098f49d62d5b8012873
Debian Linux Security Advisory 1627-2
Posted Aug 31, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1627-2 - The previous security update for opensc had a too strict check for vulnerable smart cards. It could flag cards as safe even though they may be affected. This update corrects that problem.

tags | advisory
systems | linux, debian
advisories | CVE-2008-2235
SHA-256 | 1c31305ad0911eb2a6161dee0418e4123f5823ea5ce7e34168527436780cd848
Pardus Linux Security Advisory 2008.33
Posted Aug 31, 2008
Authored by Pardus Linux, Pardus

Pardus Linux Security Advisory - A security issue has been reported in OpenSC, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | linux
advisories | CVE-2008-2235
SHA-256 | 5f2a2b3d0283b838e15c5e12ba9ccab3134fb5e185e2e38e881cf0869f083b2e
Debian Linux Security Advisory 1627-1
Posted Aug 4, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1627-1 - Chaskiel M Grundman discovered that opensc, a library and utilities to handle smart cards, would initialise smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN.

tags | advisory
systems | linux, debian
advisories | CVE-2008-2235
SHA-256 | 1079ed937fc740f592993eb931ab0ceb8257ab216d95c9f9f4e02bccfeae9812
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close