CVE-2008-2235

medium

Description

OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.

References

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html

https://www.debian.org/security/2008/dsa-1627

https://exchange.xforce.ibmcloud.com/vulnerabilities/44140

http://www.securityfocus.com/bid/30473

http://www.opensc-project.org/security.html

http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:183

http://security.gentoo.org/glsa/glsa-200812-09.xml

http://secunia.com/advisories/34362

http://secunia.com/advisories/33115

http://secunia.com/advisories/32099

http://secunia.com/advisories/31360

http://secunia.com/advisories/31330

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html

Details

Source: Mitre, NVD

Published: 2008-08-01

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:N

Severity: Medium

CVSS v3

Base Score: 4.6

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N