SuSE 10 Security Update : opensc (ZYPP Patch Number 5910)

This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

This update fixes a security issues with opensc that occured when
initializing blank smart cards with Siemens CardOS M4. After the
initialization anyone could set the PIN of the smart card without
authorization. (CVE-2008-2235)

NOTE: Already initialized cards are still vulnerable after this
update. Please use the command-line tool pkcs15-tool with option

-test-update and --update when necessary. Don't forget to reinitialize
your smart cards if you are using cards with Siemens CardOS M4
operating system that were initialized using opensc!

Please find more information at
http://www.opensc-project.org/security.html

This is the second attempt to fix this problem. The previous update
was unforunately incomplete.

See also :

http://support.novell.com/security/cve/CVE-2008-2235.html

Solution :

Apply ZYPP patch number 5910.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:N)

Family: SuSE Local Security Checks

Nessus Plugin ID: 41567 ()

Bugtraq ID:

CVE ID: CVE-2008-2235

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now