openSUSE 10 Security Update : libopensc2 (libopensc2-5587)

Medium Nessus Plugin ID 34261


The remote openSUSE host is missing a security update.


This update fixes a security issues with opensc that occured when initializing blank smart cards with Siemens CardOS M4. After the initialization anyone could set the PIN of the smart card without authorization (CVE-2008-2235).

NOTE: Already initialized cards are still vulnerable after this update. Please use the command-line tool pkcs15-tool with option

--test-update and --update when necessary.

Please find more information at

This is the second attempt to fix this problem. The previous update was unforunately incomplete.


Update the affected libopensc2 packages.

See Also

Plugin Details

Severity: Medium

ID: 34261

File Name: suse_libopensc2-5587.nasl

Version: $Revision: 1.6 $

Type: local

Agent: unix

Published: 2008/09/23

Modified: 2014/06/13

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libopensc2, p-cpe:/a:novell:opensuse:libopensc2-32bit, p-cpe:/a:novell:opensuse:opensc, p-cpe:/a:novell:opensuse:opensc-32bit, p-cpe:/a:novell:opensuse:opensc-devel, cpe:/o:novell:opensuse:10.2, cpe:/o:novell:opensuse:10.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2008/09/09

Reference Information

CVE: CVE-2008-2235

CWE: 310