SuSE 10 Security Update : opensc (ZYPP Patch Number 5910)
Medium Nessus Plugin ID 41567
SynopsisThe remote SuSE 10 host is missing a security-related patch.
DescriptionThis update fixes a security issues with opensc that occured when initializing blank smart cards with Siemens CardOS M4. After the initialization anyone could set the PIN of the smart card without authorization. (CVE-2008-2235)
NOTE: Already initialized cards are still vulnerable after this update. Please use the command-line tool pkcs15-tool with option
-test-update and --update when necessary. Don't forget to reinitialize your smart cards if you are using cards with Siemens CardOS M4 operating system that were initialized using opensc!
Please find more information at http://www.opensc-project.org/security.html
This is the second attempt to fix this problem. The previous update was unforunately incomplete.
SolutionApply ZYPP patch number 5910.