SuSE 10 Security Update : opensc (ZYPP Patch Number 5910)

Medium Nessus Plugin ID 41567


The remote SuSE 10 host is missing a security-related patch.


This update fixes a security issues with opensc that occured when initializing blank smart cards with Siemens CardOS M4. After the initialization anyone could set the PIN of the smart card without authorization. (CVE-2008-2235)

NOTE: Already initialized cards are still vulnerable after this update. Please use the command-line tool pkcs15-tool with option

-test-update and --update when necessary. Don't forget to reinitialize your smart cards if you are using cards with Siemens CardOS M4 operating system that were initialized using opensc!

Please find more information at

This is the second attempt to fix this problem. The previous update was unforunately incomplete.


Apply ZYPP patch number 5910.

See Also

Plugin Details

Severity: Medium

ID: 41567

File Name: suse_opensc-5910.nasl

Version: $Revision: 1.10 $

Type: local

Agent: unix

Published: 2009/09/24

Modified: 2012/10/08

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:N

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2008/09/09

Reference Information

CVE: CVE-2008-2235

CWE: 310