cve-2008-2235

Vulnerability from cvelistv5

Published

2008-08-01 14:00

Modified

2024-08-07 08:49

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
cve@mitre.org	http://secunia.com/advisories/31330
cve@mitre.org	http://secunia.com/advisories/31360
cve@mitre.org	http://secunia.com/advisories/32099
cve@mitre.org	http://secunia.com/advisories/33115
cve@mitre.org	http://secunia.com/advisories/34362
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200812-09.xml
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:183
cve@mitre.org	http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html
cve@mitre.org	http://www.opensc-project.org/security.html
cve@mitre.org	http://www.securityfocus.com/bid/30473	Patch
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/44140
cve@mitre.org	https://www.debian.org/security/2008/dsa-1627
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:49:58.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "30473",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30473"
          },
          {
            "name": "31330",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31330"
          },
          {
            "name": "34362",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34362"
          },
          {
            "name": "MDVSA-2008:183",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:183"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opensc-project.org/security.html"
          },
          {
            "name": "33115",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33115"
          },
          {
            "name": "SUSE-SR:2009:004",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
          },
          {
            "name": "31360",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31360"
          },
          {
            "name": "FEDORA-2009-2267",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html"
          },
          {
            "name": "DSA-1627",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2008/dsa-1627"
          },
          {
            "name": "[opensc-announce] 20080731 OpenSC Security Vulnerability and new Versions of OpenSC, OpenCT, LibP11, Pam_P11, Engine_PKCS11",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html"
          },
          {
            "name": "32099",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32099"
          },
          {
            "name": "SUSE-SR:2008:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
          },
          {
            "name": "GLSA-200812-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200812-09.xml"
          },
          {
            "name": "opensc-smartcard-cryptotoken-weak-security(44140)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44140"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-07-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "30473",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30473"
        },
        {
          "name": "31330",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31330"
        },
        {
          "name": "34362",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34362"
        },
        {
          "name": "MDVSA-2008:183",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:183"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opensc-project.org/security.html"
        },
        {
          "name": "33115",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33115"
        },
        {
          "name": "SUSE-SR:2009:004",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
        },
        {
          "name": "31360",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31360"
        },
        {
          "name": "FEDORA-2009-2267",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html"
        },
        {
          "name": "DSA-1627",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2008/dsa-1627"
        },
        {
          "name": "[opensc-announce] 20080731 OpenSC Security Vulnerability and new Versions of OpenSC, OpenCT, LibP11, Pam_P11, Engine_PKCS11",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html"
        },
        {
          "name": "32099",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32099"
        },
        {
          "name": "SUSE-SR:2008:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
        },
        {
          "name": "GLSA-200812-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200812-09.xml"
        },
        {
          "name": "opensc-smartcard-cryptotoken-weak-security(44140)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44140"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2235",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "30473",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30473"
            },
            {
              "name": "31330",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31330"
            },
            {
              "name": "34362",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34362"
            },
            {
              "name": "MDVSA-2008:183",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:183"
            },
            {
              "name": "http://www.opensc-project.org/security.html",
              "refsource": "CONFIRM",
              "url": "http://www.opensc-project.org/security.html"
            },
            {
              "name": "33115",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33115"
            },
            {
              "name": "SUSE-SR:2009:004",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
            },
            {
              "name": "31360",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31360"
            },
            {
              "name": "FEDORA-2009-2267",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html"
            },
            {
              "name": "DSA-1627",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2008/dsa-1627"
            },
            {
              "name": "[opensc-announce] 20080731 OpenSC Security Vulnerability and new Versions of OpenSC, OpenCT, LibP11, Pam_P11, Engine_PKCS11",
              "refsource": "MLIST",
              "url": "http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html"
            },
            {
              "name": "32099",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32099"
            },
            {
              "name": "SUSE-SR:2008:019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
            },
            {
              "name": "GLSA-200812-09",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200812-09.xml"
            },
            {
              "name": "opensc-smartcard-cryptotoken-weak-security(44140)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44140"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2235",
    "datePublished": "2008-08-01T14:00:00",
    "dateReserved": "2008-05-16T00:00:00",
    "dateUpdated": "2024-08-07T08:49:58.703Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-2235\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-08-01T14:41:00.000\",\"lastModified\":\"2017-08-08T01:30:52.823\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.\"},{\"lang\":\"es\",\"value\":\"OpenSC anterior a 0.11.5 usa permisos d\u00e9biles (archivo de control de informaci\u00f3n ADMIN de 00) para el directorio 5015 en smart cards y crypto tokens USB ejecut\u00e1ndose Siemens CardOS M4, que permite a atacantes pr\u00f3ximos f\u00edsicamente cambiar el PIN.\"}],\"vendorComments\":[{\"organization\":\"Siemens\",\"comment\":\"Siemens has analyzed this report and states that no security breach can be found in the Siemens CardOS M4 itself and it thus does not relate to any Siemens component. The reported vulnerability (caused by inappropriate personalization) is due to an issue in the OPENSC middleware detailed information can be found under http://www.opensc-project.org/security.html. \\n\\nTherefore, Siemens recommends all customers and partners using OPENSC to use either the current version 0.11.5 of OPENSC in which this vulnerability is fixed or to use the bug fix suggested under http://freshmeat.net/articles/view/3333/. \\n\\nWe hope that we could help you with this recommendation. \\n\\nIf you have further questions, please contact the Siemens CardOS hotline under:\\n\\nscs-support.med@siemens.com\\n\\nPhone: +49 89 636 35996 (Mo.-Fr. 9:00-17:00 German time)\\n\\n\",\"lastModified\":\"2008-08-14T00:00:00\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:C/A:N\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.9},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:siemens:cardos:m4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEF8B710-EAF0-4381-B1C5-B2EAA91737DE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc-project:opensc:0.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D734B35-BA7F-4219-98DA-FCD55E5A37C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc-project:opensc:0.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"349D5BCA-885C-4948-838E-E3904E49598E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc-project:opensc:0.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"471DBF4E-54B8-4776-A0BA-0F65FE02192E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc-project:opensc:0.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA4321E6-1D08-489C-948F-2673C30D762C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc-project:opensc:0.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8498096A-19A9-4C09-99C3-CC1C45D6BA40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc-project:opensc:0.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5028CF13-2807-4813-A542-A1CD6E735CC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc-project:opensc:0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FD4CB51-068C-4AD2-94AC-59DE20A2AB77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc-project:opensc:0.8.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D8CA0B8-AC3B-4D0F-854D-EDF285EC01CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc-project:opensc:0.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"931CE287-97AF-4B73-BA57-FB9B9AAA7016\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc-project:opensc:0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BA979A3-A34F-4813-8489-C1985E22A398\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc-project:opensc:0.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A64E85D-B1A7-48FB-8438-8173249ED817\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc-project:opensc:0.9.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"940151B8-6466-43D7-A7EB-A28F13DA5B50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc-project:opensc:0.9.7:b:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BE84E1D-F765-49E6-84E2-6831A535B67A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc-project:opensc:0.9.7:d:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE85FABD-20F0-4308-B240-0E460E85CA08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc-project:opensc:0.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3752BA88-CA7A-4B79-96C4-A5EC9A6C2AC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc-project:opensc:0.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B093D7C9-242E-4CC7-9971-71D9AE19A7F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc-project:opensc:0.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"353AFA23-88C0-45AA-B9EF-EF7A4DC6AFE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc-project:opensc:0.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA2024C5-238A-4734-B8C6-D4F99EEFBC07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc-project:opensc:0.11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF611D89-FA24-4421-A8A8-5290629C81D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc-project:opensc:0.11.3:pre3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0ECCFF79-6515-42F8-B986-4C06BE1F79D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc-project:opensc:0.11.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A74B19CB-8AFB-4A07-9A84-063BFF47E089\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31330\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31360\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/32099\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/33115\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34362\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200812-09.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:183\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.opensc-project.org/security.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/30473\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44140\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2008/dsa-1627\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html\",\"source\":\"cve@mitre.org\"}]}}"
  }
}

OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN. OpenSC insecurely initializes smart cards and USB crypto tokens based on Seimens CardOS M4. Attackers can leverage this issue to change the PIN number on a card without having knowledge of the existing PIN or PUK number. Successfully exploiting this issue allows attackers to use the card in further attacks. NOTE: This issue cannot be leveraged to access an existing PIN number. This issue occurs in versions prior to OpenSC 0.11.6. OpenSC Insecure Permission Vulnerability.

A security issue has been reported in OpenSC, which can be exploited by malicious people to bypass certain security restrictions.

Affected packages:

Pardus 2008: opensc, all before 0.11.6-7-2

Resolution

There are update(s) for opensc. You can update them via Package Manager or with a single command from console:

 pisi up opensc

References

http://bugs.pardus.org.tr/show_bug.cgi?id=8066
http://permalink.gmane.org/gmane.comp.security.oss.general/863
http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2235
http://secunia.com/advisories/31330

-- Pınar Yanardağ Pardus Security Team http://security.pardus.org.tr

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/.

The updated packages have been patched to prevent this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2235 http://www.opensc-project.org/security.html

Updated Packages:

Mandriva Linux 2007.1: 77f7d7afda2b14397fd49eb9a40fe277 2007.1/i586/libopensc2-0.11.1-3.1mdv2007.1.i586.rpm 63ac5b681a7c32ff5fa5a19eaacd99c4 2007.1/i586/libopensc2-devel-0.11.1-3.1mdv2007.1.i586.rpm 70e9d0aa9fd4ee98e44acb640cca7334 2007.1/i586/mozilla-plugin-opensc-0.11.1-3.1mdv2007.1.i586.rpm 9990fd668eb0db7a2c3a067663935e6c 2007.1/i586/opensc-0.11.1-3.1mdv2007.1.i586.rpm 2ef9d3fd31d521b775f36480608f5494 2007.1/SRPMS/opensc-0.11.1-3.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64: 7ff78a629ff3fc4ebae26081445476b5 2007.1/x86_64/lib64opensc2-0.11.1-3.1mdv2007.1.x86_64.rpm d782522d41b4c9c3740d6d3917560a9f 2007.1/x86_64/lib64opensc2-devel-0.11.1-3.1mdv2007.1.x86_64.rpm 6e7cc1f3c8dd8485a182704d64a59c8b 2007.1/x86_64/mozilla-plugin-opensc-0.11.1-3.1mdv2007.1.x86_64.rpm 9337e42a69c15124642ed8f9756fd3c2 2007.1/x86_64/opensc-0.11.1-3.1mdv2007.1.x86_64.rpm 2ef9d3fd31d521b775f36480608f5494 2007.1/SRPMS/opensc-0.11.1-3.1mdv2007.1.src.rpm

Mandriva Linux 2008.0: 4ce42db0e198b6ce9c9287594ee3fafd 2008.0/i586/libopensc2-0.11.3-2.1mdv2008.0.i586.rpm 70546abd01b00bab812fa6fea4ae4d16 2008.0/i586/libopensc-devel-0.11.3-2.1mdv2008.0.i586.rpm eba548b0a0547b26056233f5e8ca6adb 2008.0/i586/mozilla-plugin-opensc-0.11.3-2.1mdv2008.0.i586.rpm 7220fd9c1e95158f787cc8369826ec32 2008.0/i586/opensc-0.11.3-2.1mdv2008.0.i586.rpm ce97f832256d12037e51bafb9d70e5ef 2008.0/SRPMS/opensc-0.11.3-2.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64: 5378764b2b2d3cd848ac0ac542287b94 2008.0/x86_64/lib64opensc2-0.11.3-2.1mdv2008.0.x86_64.rpm a6dbaabff7dbd6cabc1202a334c663b2 2008.0/x86_64/lib64opensc-devel-0.11.3-2.1mdv2008.0.x86_64.rpm f3b2891c740068fa7f328690f8a53c0a 2008.0/x86_64/mozilla-plugin-opensc-0.11.3-2.1mdv2008.0.x86_64.rpm 9ad409a7e667a9bc7c448ad207ce2afd 2008.0/x86_64/opensc-0.11.3-2.1mdv2008.0.x86_64.rpm ce97f832256d12037e51bafb9d70e5ef 2008.0/SRPMS/opensc-0.11.3-2.1mdv2008.0.src.rpm

Mandriva Linux 2008.1: d2f1aecf3d76a0de1eb2314467e8039c 2008.1/i586/libopensc2-0.11.3-2.1mdv2008.1.i586.rpm 25cbd704341f975c3608b2415f73876a 2008.1/i586/libopensc-devel-0.11.3-2.1mdv2008.1.i586.rpm afeb1a983ab5dc9175abe9a3d4d2a043 2008.1/i586/mozilla-plugin-opensc-0.11.3-2.1mdv2008.1.i586.rpm 2e4f8fbf6baf274e24d0d68713c20bb0 2008.1/i586/opensc-0.11.3-2.1mdv2008.1.i586.rpm 53c7c0bc38eb3210137ce329559705cf 2008.1/SRPMS/opensc-0.11.3-2.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64: 78655b07b2736207d38d165f695f5e72 2008.1/x86_64/lib64opensc2-0.11.3-2.1mdv2008.1.x86_64.rpm 55f4a5fe2db33ec43b74353b92b01c6d 2008.1/x86_64/lib64opensc-devel-0.11.3-2.1mdv2008.1.x86_64.rpm 70d7f144e01d25f79b622484db2ef0bd 2008.1/x86_64/mozilla-plugin-opensc-0.11.3-2.1mdv2008.1.x86_64.rpm 807e29fd2d0560f65eff7fff274aa5e2 2008.1/x86_64/opensc-0.11.3-2.1mdv2008.1.x86_64.rpm 53c7c0bc38eb3210137ce329559705cf 2008.1/SRPMS/opensc-0.11.3-2.1mdv2008.1.src.rpm

Corporate 4.0: f429cd809bb72592a21b37921ef4c3a0 corporate/4.0/i586/libopensc2-0.10.1-2.1.20060mlcs4.i586.rpm f91cc391ac3c574701b27d65ff2f14eb corporate/4.0/i586/libopensc2-devel-0.10.1-2.1.20060mlcs4.i586.rpm 7eb7c1057b2c47306482d0afc1e6e859 corporate/4.0/i586/mozilla-plugin-opensc-0.10.1-2.1.20060mlcs4.i586.rpm 4c69219b2f389fe050df05985deecb86 corporate/4.0/i586/opensc-0.10.1-2.1.20060mlcs4.i586.rpm 8830d7341d49f9da956a907e21e9a7a0 corporate/4.0/SRPMS/opensc-0.10.1-2.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64: d92325b44dbf5deb8cfcd0cbf4f59012 corporate/4.0/x86_64/lib64opensc2-0.10.1-2.1.20060mlcs4.x86_64.rpm 2944306bed9b725e7c0bc196416de3c2 corporate/4.0/x86_64/lib64opensc2-devel-0.10.1-2.1.20060mlcs4.x86_64.rpm 424b680dbde7f548b731ecc4bf8021fc corporate/4.0/x86_64/mozilla-plugin-opensc-0.10.1-2.1.20060mlcs4.x86_64.rpm 70c9f7f70ca3e6635c80608189a220e0 corporate/4.0/x86_64/opensc-0.10.1-2.1.20060mlcs4.x86_64.rpm 8830d7341d49f9da956a907e21e9a7a0 corporate/4.0/SRPMS/opensc-0.10.1-2.1.20060mlcs4.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIvX6MmqjQ0CJFipgRAoRWAKDJeFahAQ2AR414gjXP8O5e9kA+IQCdGkgV NXjfAeIK16LGCRR9/DHUvlU= =BPKk -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-09

                                        http://security.gentoo.org/

Severity: Normal Title: OpenSC: Insufficient protection of smart card PIN Date: December 10, 2008 Bugs: #233543 ID: 200812-09

Synopsis

Smart cards formatted using OpenSC do not sufficiently protect the PIN, allowing attackers to reset it.

Background

OpenSC is a smart card application that allows reading and writing via PKCS#11.

Workaround

There is no known workaround at this time.

Resolution

All OpenSC users should upgrade to the latest version, and then check and update their smart cards:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.11.6"
# pkcs15-tool --test-update
# pkcs15-tool --test-update --update

References

[ 1 ] CVE-2008-2235 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2235

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200812-09.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Debian Security Advisory DSA-1627-2 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst August 31, 2008 http://www.debian.org/security/faq

Package : opensc Vulnerability : programming error Problem type : local Debian-specific: no CVE Id(s) : CVE-2008-2235

The previous security update for opensc had a too strict check for vulnerable smart cards. It could flag cards as safe even though they may be affected. This update corrects that problem. We advise users of the smart cards concerned to re-check their card after updating the package, following the procedure outlined in the original advisory text below.

Chaskiel M Grundman discovered that opensc, a library and utilities to handle smart cards, would initialise smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN. However it can not be used to figure out the PIN. If the PIN on your card is still the same you always had, there's a reasonable chance that this vulnerability has not been exploited.

After upgrading the package, running pkcs15-tool -T will show you whether the card is fine or vulnerable. If the card is vulnerable, you need to update the security setting using: pkcs15-tool -T -U

For the stable distribution (etch), this problem has been fixed in version 0.11.1-2etch2.

For the unstable distribution (sid), this problem has been fixed in version 0.11.4-5.

We recommend that you upgrade your opensc package and check your card(s) with the command described above.

Upgrade instructions

wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update will update the internal database apt-get upgrade will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Source archives:

http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1.orig.tar.gz Size/MD5 checksum: 1263611 94ce00a6bda38fac10ab06f5d5d1a8c3 http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2.diff.gz Size/MD5 checksum: 57088 9ce4247af885d39a5e76ac3e7e34f0e4 http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2.dsc Size/MD5 checksum: 780 33700596584c295d4f27a8f6b8d6df93

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_alpha.deb Size/MD5 checksum: 296964 e8ba9833e1d3c00bb4dafc08648faf6d http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_alpha.deb Size/MD5 checksum: 205002 7146068470dd3c5bbacae9f48751d8fb http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_alpha.deb Size/MD5 checksum: 1077872 1a1963d40c9a03ea0dc1453a27e873af http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_alpha.deb Size/MD5 checksum: 727634 58de552b33ff885aee0193de0534563e http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_alpha.deb Size/MD5 checksum: 508256 94ea135b646b89c6dac6defd2bc931ac

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_amd64.deb Size/MD5 checksum: 483304 a375efabe5edf419f4f1419ee085ddb1 http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_amd64.deb Size/MD5 checksum: 200004 84f28dc19675f1f8823b03151cbba47e http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_amd64.deb Size/MD5 checksum: 576968 fb1c4b415d1377ceac61661919cbebff http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_amd64.deb Size/MD5 checksum: 281180 c67f956ac36c4d65ec21ab91ba749866 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_amd64.deb Size/MD5 checksum: 1069138 ee204a5d9633f19d89347761b06aa21c

arm architecture (ARM)

http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_arm.deb Size/MD5 checksum: 1012086 fe7a7a2eaf19f7e83dd38991a5c5204b http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_arm.deb Size/MD5 checksum: 450916 95c8301ca36a08ca0521df8a25267689 http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_arm.deb Size/MD5 checksum: 269182 acc05dce62d94e247043ae804abac541 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_arm.deb Size/MD5 checksum: 529988 840e3aab09d7abde5b8060ceebf2dbd1 http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_arm.deb Size/MD5 checksum: 187988 13b7a94850732fd4d46f6cdf875ffb31

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_hppa.deb Size/MD5 checksum: 205576 a24fccd7e1772647d563a520b7417976 http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_hppa.deb Size/MD5 checksum: 512374 dc2ad0c4dc8df1b4058818cc65b0ec10 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_hppa.deb Size/MD5 checksum: 1036394 7f83a52f5917cd3fcdbacdbd5cb27ea2 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_hppa.deb Size/MD5 checksum: 624512 a66dd86f267fd09099501d5b3154782c http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_hppa.deb Size/MD5 checksum: 283434 a852d66ff8c4c271b37bbcc0a746dac0

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_i386.deb Size/MD5 checksum: 537992 3fec817bfea6d558f42d2c2e107ca8b3 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_i386.deb Size/MD5 checksum: 1019214 1ed6d07cb743c73042bab5151146b076 http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_i386.deb Size/MD5 checksum: 189454 445a4781859aef3414590f5e8481fdba http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_i386.deb Size/MD5 checksum: 269976 e2e5124e70bf580c221e137b50f8ba48 http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_i386.deb Size/MD5 checksum: 453582 288dfd7b6c042abed22f167dba7a1125

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_ia64.deb Size/MD5 checksum: 1062184 c561302cc8a65b1fe98c71ba013880db http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_ia64.deb Size/MD5 checksum: 354024 5899f17bbab07f5a00c0ec6a740b3756 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_ia64.deb Size/MD5 checksum: 769910 e49ff6a5f80122aff066f3b290af9b84 http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_ia64.deb Size/MD5 checksum: 620292 bb01c6292f364889da4225ba23cc78cb http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_ia64.deb Size/MD5 checksum: 206140 d34b648d6540c0d63b3fe581e1f9ac67

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_mips.deb Size/MD5 checksum: 458414 275ae6b9f162e0852091d0e7836ae16c http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_mips.deb Size/MD5 checksum: 195516 db0ce446bfb07303da80a9b8f274c1af http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_mips.deb Size/MD5 checksum: 283004 e8b63a99a79a2d9dd6f734c1a8aa7b0d http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_mips.deb Size/MD5 checksum: 1082506 14430ab357fed7616e4c186880752f4d http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_mips.deb Size/MD5 checksum: 632954 b9556af01375a44f195e048a616cf21a

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_mipsel.deb Size/MD5 checksum: 458378 3385aedc113e5593e349ebe4e6ba2098 http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_mipsel.deb Size/MD5 checksum: 284064 30e52ee872a4e8ccedee22bbdcbe3942 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_mipsel.deb Size/MD5 checksum: 629272 796fd245c3afcf85ebeb6bdc7a465d7b http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_mipsel.deb Size/MD5 checksum: 1060840 d500da50fe3a7aa346a12d9adb056c66 http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_mipsel.deb Size/MD5 checksum: 194570 20b4f260392f924ead7e4dcb236e450b

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_powerpc.deb Size/MD5 checksum: 599502 6bc486604c352ae1d6c34d17383166b4 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_powerpc.deb Size/MD5 checksum: 1084300 21bad9d0eb8ce4b8f1399e9cdc266d06 http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_powerpc.deb Size/MD5 checksum: 473780 b9816427fdd321db40b8b393f4edfe9f http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_powerpc.deb Size/MD5 checksum: 294664 0fa2e8c94c3039f3926df840d219a97c http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_powerpc.deb Size/MD5 checksum: 205094 c300b7771a01300bf18849a22d250f60

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_s390.deb Size/MD5 checksum: 217104 ff287b6aada1ff7552facbe6a71f317e http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_s390.deb Size/MD5 checksum: 279122 124aa0833b5fc7d75b5404383064ddf2 http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_s390.deb Size/MD5 checksum: 485506 3ea3f682d8a0edf18cd51318c3d6e2a1 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_s390.deb Size/MD5 checksum: 1050130 2de96bab485f9df0f88a87b945735fd7 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_s390.deb Size/MD5 checksum: 552728 b14d87c97023f843b3a73805b4a05ea5

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_sparc.deb Size/MD5 checksum: 193650 7902081b0d97cae8dfceb35d778d010e http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_sparc.deb Size/MD5 checksum: 967974 084cfb2ce4ca9edb655dd849fbb543d4 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_sparc.deb Size/MD5 checksum: 544394 d7313b12e4fbe347ea4717af780d81f8 http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_sparc.deb Size/MD5 checksum: 268122 19dd2ba72b9a01b804ee0173b3cacafc http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_sparc.deb Size/MD5 checksum: 442356 8e613a8e25f046b3218d350f47a27919

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBSLp0FWz0hbPcukPfAQJHJggAvxoTpcwKezudh39JK5kOs11Hghx2Guxl Cs+NP5Rgeq3bATRuHk9WFx4QaEwF1Znah3+9W5+WEiPYgWQ7/uMwqOMHovipVD/s wqAik8iAukhwWdt7nsZ7I3D6MsvMt/+dkXOrkxZwAli3MArf0lt+/5x0kLgaIteL Wz5moAIM/e7way/k66iajbcw4ltC+kSfneNHP/Mi/i16sz0aADcEBdxzxNygnR4C 6sd11hWmWa4qJ1dNw4gDm7M088Xv6UH3BcC0OoXgH0wxophj34Bf6yYWjCni9V16 EfGvYIuXrhBBN5J1tLJsFB4m6NfBNk09B8ndY5wSKggBUuNFGPEx2Q== =qNCp -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200805-0585",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "opensc",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "opensc",
        "version": "0.11.4"
      },
      {
        "model": "opensc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensc",
        "version": "0.3.2"
      },
      {
        "model": "opensc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensc",
        "version": "0.8"
      },
      {
        "model": "opensc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensc",
        "version": "0.8.0.0"
      },
      {
        "model": "opensc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensc",
        "version": "0.4.0"
      },
      {
        "model": "opensc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensc",
        "version": "0.9"
      },
      {
        "model": "opensc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensc",
        "version": "0.11.0"
      },
      {
        "model": "opensc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensc",
        "version": "0.6.1"
      },
      {
        "model": "opensc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensc",
        "version": "0.9.8"
      },
      {
        "model": "opensc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensc",
        "version": "0.11.2"
      },
      {
        "model": "opensc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensc",
        "version": "0.9.6"
      },
      {
        "model": "opensc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensc",
        "version": "0.3.5"
      },
      {
        "model": "opensc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensc",
        "version": "0.9.7"
      },
      {
        "model": "opensc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensc",
        "version": "0.11.1"
      },
      {
        "model": "opensc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensc",
        "version": "0.11.3"
      },
      {
        "model": "opensc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensc",
        "version": "0.7.0"
      },
      {
        "model": "opensc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensc",
        "version": "0.6.0"
      },
      {
        "model": "opensc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensc",
        "version": "0.8.1"
      },
      {
        "model": "opensc",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "opensc team",
        "version": "0.11.5"
      },
      {
        "model": "cardos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "m4"
      },
      {
        "model": "linux enterprise server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.3"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pardus",
        "version": "20080"
      },
      {
        "model": "opensc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opensc",
        "version": "0.11.5"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.1"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "opensc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "opensc",
        "version": "0.11.6"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "30473"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004449"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-005"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2235"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cardos:m4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.11.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.11.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.9.7:d:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.9.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.11.3:pre3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.11.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.8.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.8.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.3.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.9.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.11.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.11.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.9.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.9.7:b:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-2235"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Chaskiel M Grundman",
    "sources": [
      {
        "db": "BID",
        "id": "30473"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-005"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2008-2235",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 6.9,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.9,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2008-2235",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "VHN-32360",
            "impactScore": 6.9,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:N/I:C/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-2235",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200808-005",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-32360",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32360"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004449"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-005"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2235"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN. OpenSC insecurely initializes smart cards  and USB crypto tokens based on Seimens CardOS M4. \nAttackers can leverage this issue to change the PIN number on a card without having knowledge of the existing PIN or PUK number. Successfully exploiting this issue allows attackers to use the card in further attacks. \nNOTE: This issue cannot be leveraged to access an existing PIN number. \nThis issue occurs in versions prior to OpenSC 0.11.6. OpenSC Insecure Permission Vulnerability. \n\nA  security  issue has been reported in OpenSC, which can be exploited by malicious people\nto bypass certain security restrictions. \n\n\nAffected packages:\n\n   Pardus 2008:\n     opensc, all before 0.11.6-7-2\n\n\nResolution\n==========\n\nThere are update(s) for opensc. You can update them via Package Manager\nor with a single command from console:\n\n     pisi up opensc\n\nReferences\n==========\n\n   * http://bugs.pardus.org.tr/show_bug.cgi?id=8066\n   * http://permalink.gmane.org/gmane.comp.security.oss.general/863\n   * http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html\n   * http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2235\n   * http://secunia.com/advisories/31330\n\n------------------------------------------------------------------------\n\n-- \nP\u0131nar Yanarda\u011f\nPardus Security Team\nhttp://security.pardus.org.tr\n\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/. \n \n The updated packages have been patched to prevent this issue. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2235\n http://www.opensc-project.org/security.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2007.1:\n 77f7d7afda2b14397fd49eb9a40fe277  2007.1/i586/libopensc2-0.11.1-3.1mdv2007.1.i586.rpm\n 63ac5b681a7c32ff5fa5a19eaacd99c4  2007.1/i586/libopensc2-devel-0.11.1-3.1mdv2007.1.i586.rpm\n 70e9d0aa9fd4ee98e44acb640cca7334  2007.1/i586/mozilla-plugin-opensc-0.11.1-3.1mdv2007.1.i586.rpm\n 9990fd668eb0db7a2c3a067663935e6c  2007.1/i586/opensc-0.11.1-3.1mdv2007.1.i586.rpm \n 2ef9d3fd31d521b775f36480608f5494  2007.1/SRPMS/opensc-0.11.1-3.1mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n 7ff78a629ff3fc4ebae26081445476b5  2007.1/x86_64/lib64opensc2-0.11.1-3.1mdv2007.1.x86_64.rpm\n d782522d41b4c9c3740d6d3917560a9f  2007.1/x86_64/lib64opensc2-devel-0.11.1-3.1mdv2007.1.x86_64.rpm\n 6e7cc1f3c8dd8485a182704d64a59c8b  2007.1/x86_64/mozilla-plugin-opensc-0.11.1-3.1mdv2007.1.x86_64.rpm\n 9337e42a69c15124642ed8f9756fd3c2  2007.1/x86_64/opensc-0.11.1-3.1mdv2007.1.x86_64.rpm \n 2ef9d3fd31d521b775f36480608f5494  2007.1/SRPMS/opensc-0.11.1-3.1mdv2007.1.src.rpm\n\n Mandriva Linux 2008.0:\n 4ce42db0e198b6ce9c9287594ee3fafd  2008.0/i586/libopensc2-0.11.3-2.1mdv2008.0.i586.rpm\n 70546abd01b00bab812fa6fea4ae4d16  2008.0/i586/libopensc-devel-0.11.3-2.1mdv2008.0.i586.rpm\n eba548b0a0547b26056233f5e8ca6adb  2008.0/i586/mozilla-plugin-opensc-0.11.3-2.1mdv2008.0.i586.rpm\n 7220fd9c1e95158f787cc8369826ec32  2008.0/i586/opensc-0.11.3-2.1mdv2008.0.i586.rpm \n ce97f832256d12037e51bafb9d70e5ef  2008.0/SRPMS/opensc-0.11.3-2.1mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 5378764b2b2d3cd848ac0ac542287b94  2008.0/x86_64/lib64opensc2-0.11.3-2.1mdv2008.0.x86_64.rpm\n a6dbaabff7dbd6cabc1202a334c663b2  2008.0/x86_64/lib64opensc-devel-0.11.3-2.1mdv2008.0.x86_64.rpm\n f3b2891c740068fa7f328690f8a53c0a  2008.0/x86_64/mozilla-plugin-opensc-0.11.3-2.1mdv2008.0.x86_64.rpm\n 9ad409a7e667a9bc7c448ad207ce2afd  2008.0/x86_64/opensc-0.11.3-2.1mdv2008.0.x86_64.rpm \n ce97f832256d12037e51bafb9d70e5ef  2008.0/SRPMS/opensc-0.11.3-2.1mdv2008.0.src.rpm\n\n Mandriva Linux 2008.1:\n d2f1aecf3d76a0de1eb2314467e8039c  2008.1/i586/libopensc2-0.11.3-2.1mdv2008.1.i586.rpm\n 25cbd704341f975c3608b2415f73876a  2008.1/i586/libopensc-devel-0.11.3-2.1mdv2008.1.i586.rpm\n afeb1a983ab5dc9175abe9a3d4d2a043  2008.1/i586/mozilla-plugin-opensc-0.11.3-2.1mdv2008.1.i586.rpm\n 2e4f8fbf6baf274e24d0d68713c20bb0  2008.1/i586/opensc-0.11.3-2.1mdv2008.1.i586.rpm \n 53c7c0bc38eb3210137ce329559705cf  2008.1/SRPMS/opensc-0.11.3-2.1mdv2008.1.src.rpm\n\n Mandriva Linux 2008.1/X86_64:\n 78655b07b2736207d38d165f695f5e72  2008.1/x86_64/lib64opensc2-0.11.3-2.1mdv2008.1.x86_64.rpm\n 55f4a5fe2db33ec43b74353b92b01c6d  2008.1/x86_64/lib64opensc-devel-0.11.3-2.1mdv2008.1.x86_64.rpm\n 70d7f144e01d25f79b622484db2ef0bd  2008.1/x86_64/mozilla-plugin-opensc-0.11.3-2.1mdv2008.1.x86_64.rpm\n 807e29fd2d0560f65eff7fff274aa5e2  2008.1/x86_64/opensc-0.11.3-2.1mdv2008.1.x86_64.rpm \n 53c7c0bc38eb3210137ce329559705cf  2008.1/SRPMS/opensc-0.11.3-2.1mdv2008.1.src.rpm\n\n Corporate 4.0:\n f429cd809bb72592a21b37921ef4c3a0  corporate/4.0/i586/libopensc2-0.10.1-2.1.20060mlcs4.i586.rpm\n f91cc391ac3c574701b27d65ff2f14eb  corporate/4.0/i586/libopensc2-devel-0.10.1-2.1.20060mlcs4.i586.rpm\n 7eb7c1057b2c47306482d0afc1e6e859  corporate/4.0/i586/mozilla-plugin-opensc-0.10.1-2.1.20060mlcs4.i586.rpm\n 4c69219b2f389fe050df05985deecb86  corporate/4.0/i586/opensc-0.10.1-2.1.20060mlcs4.i586.rpm \n 8830d7341d49f9da956a907e21e9a7a0  corporate/4.0/SRPMS/opensc-0.10.1-2.1.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n d92325b44dbf5deb8cfcd0cbf4f59012  corporate/4.0/x86_64/lib64opensc2-0.10.1-2.1.20060mlcs4.x86_64.rpm\n 2944306bed9b725e7c0bc196416de3c2  corporate/4.0/x86_64/lib64opensc2-devel-0.10.1-2.1.20060mlcs4.x86_64.rpm\n 424b680dbde7f548b731ecc4bf8021fc  corporate/4.0/x86_64/mozilla-plugin-opensc-0.10.1-2.1.20060mlcs4.x86_64.rpm\n 70c9f7f70ca3e6635c80608189a220e0  corporate/4.0/x86_64/opensc-0.10.1-2.1.20060mlcs4.x86_64.rpm \n 8830d7341d49f9da956a907e21e9a7a0  corporate/4.0/SRPMS/opensc-0.10.1-2.1.20060mlcs4.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFIvX6MmqjQ0CJFipgRAoRWAKDJeFahAQ2AR414gjXP8O5e9kA+IQCdGkgV\nNXjfAeIK16LGCRR9/DHUvlU=\n=BPKk\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200812-09\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: Normal\n     Title: OpenSC: Insufficient protection of smart card PIN\n      Date: December 10, 2008\n      Bugs: #233543\n        ID: 200812-09\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nSmart cards formatted using OpenSC do not sufficiently protect the PIN,\nallowing attackers to reset it. \n\nBackground\n==========\n\nOpenSC is a smart card application that allows reading and writing via\nPKCS#11. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSC users should upgrade to the latest version, and then check\nand update their smart cards:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/opensc-0.11.6\"\n    # pkcs15-tool --test-update\n    # pkcs15-tool --test-update --update\n\nReferences\n==========\n\n  [ 1 ] CVE-2008-2235\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2235\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200812-09.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2008 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1627-2                  security@debian.org\nhttp://www.debian.org/security/                          Thijs Kinkhorst\nAugust 31, 2008                       http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage        : opensc\nVulnerability  : programming error\nProblem type   : local\nDebian-specific: no\nCVE Id(s)      : CVE-2008-2235\n\nThe previous security update for opensc had a too strict check for\nvulnerable smart cards. It could flag cards as safe even though they may\nbe affected. This update corrects that problem. We advise users of the\nsmart cards concerned to re-check their card after updating the package,\nfollowing the procedure outlined in the original advisory text below. \n\nChaskiel M Grundman discovered that opensc, a library and utilities to\nhandle smart cards, would initialise smart cards with the Siemens CardOS M4\ncard operating system without proper access rights. This allowed everyone\nto change the card\u0027s PIN. However it can not be used to figure out the\nPIN. If the PIN on your card is still the same you always had, there\u0027s a\nreasonable chance that this vulnerability has not been exploited. \n\nAfter upgrading the package, running\n    pkcs15-tool -T\nwill show you whether the card is fine or vulnerable. If the card is\nvulnerable, you need to update the security setting using:\n    pkcs15-tool -T -U\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 0.11.1-2etch2. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.11.4-5. \n\nWe recommend that you upgrade your opensc package and check your card(s)\nwith the command described above. \n\nUpgrade instructions\n- --------------------\n\nwget url\n        will fetch the file for you\ndpkg -i file.deb\n        will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n        will update the internal database\napt-get upgrade\n        will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n  http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1.orig.tar.gz\n    Size/MD5 checksum:  1263611 94ce00a6bda38fac10ab06f5d5d1a8c3\n  http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2.diff.gz\n    Size/MD5 checksum:    57088 9ce4247af885d39a5e76ac3e7e34f0e4\n  http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2.dsc\n    Size/MD5 checksum:      780 33700596584c295d4f27a8f6b8d6df93\n\nalpha architecture (DEC Alpha)\n\n  http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_alpha.deb\n    Size/MD5 checksum:   296964 e8ba9833e1d3c00bb4dafc08648faf6d\n  http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_alpha.deb\n    Size/MD5 checksum:   205002 7146068470dd3c5bbacae9f48751d8fb\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_alpha.deb\n    Size/MD5 checksum:  1077872 1a1963d40c9a03ea0dc1453a27e873af\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_alpha.deb\n    Size/MD5 checksum:   727634 58de552b33ff885aee0193de0534563e\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_alpha.deb\n    Size/MD5 checksum:   508256 94ea135b646b89c6dac6defd2bc931ac\n\namd64 architecture (AMD x86_64 (AMD64))\n\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_amd64.deb\n    Size/MD5 checksum:   483304 a375efabe5edf419f4f1419ee085ddb1\n  http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_amd64.deb\n    Size/MD5 checksum:   200004 84f28dc19675f1f8823b03151cbba47e\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_amd64.deb\n    Size/MD5 checksum:   576968 fb1c4b415d1377ceac61661919cbebff\n  http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_amd64.deb\n    Size/MD5 checksum:   281180 c67f956ac36c4d65ec21ab91ba749866\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_amd64.deb\n    Size/MD5 checksum:  1069138 ee204a5d9633f19d89347761b06aa21c\n\narm architecture (ARM)\n\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_arm.deb\n    Size/MD5 checksum:  1012086 fe7a7a2eaf19f7e83dd38991a5c5204b\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_arm.deb\n    Size/MD5 checksum:   450916 95c8301ca36a08ca0521df8a25267689\n  http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_arm.deb\n    Size/MD5 checksum:   269182 acc05dce62d94e247043ae804abac541\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_arm.deb\n    Size/MD5 checksum:   529988 840e3aab09d7abde5b8060ceebf2dbd1\n  http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_arm.deb\n    Size/MD5 checksum:   187988 13b7a94850732fd4d46f6cdf875ffb31\n\nhppa architecture (HP PA RISC)\n\n  http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_hppa.deb\n    Size/MD5 checksum:   205576 a24fccd7e1772647d563a520b7417976\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_hppa.deb\n    Size/MD5 checksum:   512374 dc2ad0c4dc8df1b4058818cc65b0ec10\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_hppa.deb\n    Size/MD5 checksum:  1036394 7f83a52f5917cd3fcdbacdbd5cb27ea2\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_hppa.deb\n    Size/MD5 checksum:   624512 a66dd86f267fd09099501d5b3154782c\n  http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_hppa.deb\n    Size/MD5 checksum:   283434 a852d66ff8c4c271b37bbcc0a746dac0\n\ni386 architecture (Intel ia32)\n\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_i386.deb\n    Size/MD5 checksum:   537992 3fec817bfea6d558f42d2c2e107ca8b3\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_i386.deb\n    Size/MD5 checksum:  1019214 1ed6d07cb743c73042bab5151146b076\n  http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_i386.deb\n    Size/MD5 checksum:   189454 445a4781859aef3414590f5e8481fdba\n  http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_i386.deb\n    Size/MD5 checksum:   269976 e2e5124e70bf580c221e137b50f8ba48\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_i386.deb\n    Size/MD5 checksum:   453582 288dfd7b6c042abed22f167dba7a1125\n\nia64 architecture (Intel ia64)\n\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_ia64.deb\n    Size/MD5 checksum:  1062184 c561302cc8a65b1fe98c71ba013880db\n  http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_ia64.deb\n    Size/MD5 checksum:   354024 5899f17bbab07f5a00c0ec6a740b3756\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_ia64.deb\n    Size/MD5 checksum:   769910 e49ff6a5f80122aff066f3b290af9b84\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_ia64.deb\n    Size/MD5 checksum:   620292 bb01c6292f364889da4225ba23cc78cb\n  http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_ia64.deb\n    Size/MD5 checksum:   206140 d34b648d6540c0d63b3fe581e1f9ac67\n\nmips architecture (MIPS (Big Endian))\n\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_mips.deb\n    Size/MD5 checksum:   458414 275ae6b9f162e0852091d0e7836ae16c\n  http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_mips.deb\n    Size/MD5 checksum:   195516 db0ce446bfb07303da80a9b8f274c1af\n  http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_mips.deb\n    Size/MD5 checksum:   283004 e8b63a99a79a2d9dd6f734c1a8aa7b0d\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_mips.deb\n    Size/MD5 checksum:  1082506 14430ab357fed7616e4c186880752f4d\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_mips.deb\n    Size/MD5 checksum:   632954 b9556af01375a44f195e048a616cf21a\n\nmipsel architecture (MIPS (Little Endian))\n\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_mipsel.deb\n    Size/MD5 checksum:   458378 3385aedc113e5593e349ebe4e6ba2098\n  http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_mipsel.deb\n    Size/MD5 checksum:   284064 30e52ee872a4e8ccedee22bbdcbe3942\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_mipsel.deb\n    Size/MD5 checksum:   629272 796fd245c3afcf85ebeb6bdc7a465d7b\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_mipsel.deb\n    Size/MD5 checksum:  1060840 d500da50fe3a7aa346a12d9adb056c66\n  http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_mipsel.deb\n    Size/MD5 checksum:   194570 20b4f260392f924ead7e4dcb236e450b\n\npowerpc architecture (PowerPC)\n\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_powerpc.deb\n    Size/MD5 checksum:   599502 6bc486604c352ae1d6c34d17383166b4\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_powerpc.deb\n    Size/MD5 checksum:  1084300 21bad9d0eb8ce4b8f1399e9cdc266d06\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_powerpc.deb\n    Size/MD5 checksum:   473780 b9816427fdd321db40b8b393f4edfe9f\n  http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_powerpc.deb\n    Size/MD5 checksum:   294664 0fa2e8c94c3039f3926df840d219a97c\n  http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_powerpc.deb\n    Size/MD5 checksum:   205094 c300b7771a01300bf18849a22d250f60\n\ns390 architecture (IBM S/390)\n\n  http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_s390.deb\n    Size/MD5 checksum:   217104 ff287b6aada1ff7552facbe6a71f317e\n  http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_s390.deb\n    Size/MD5 checksum:   279122 124aa0833b5fc7d75b5404383064ddf2\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_s390.deb\n    Size/MD5 checksum:   485506 3ea3f682d8a0edf18cd51318c3d6e2a1\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_s390.deb\n    Size/MD5 checksum:  1050130 2de96bab485f9df0f88a87b945735fd7\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_s390.deb\n    Size/MD5 checksum:   552728 b14d87c97023f843b3a73805b4a05ea5\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n  http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_sparc.deb\n    Size/MD5 checksum:   193650 7902081b0d97cae8dfceb35d778d010e\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_sparc.deb\n    Size/MD5 checksum:   967974 084cfb2ce4ca9edb655dd849fbb543d4\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_sparc.deb\n    Size/MD5 checksum:   544394 d7313b12e4fbe347ea4717af780d81f8\n  http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_sparc.deb\n    Size/MD5 checksum:   268122 19dd2ba72b9a01b804ee0173b3cacafc\n  http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_sparc.deb\n    Size/MD5 checksum:   442356 8e613a8e25f046b3218d350f47a27919\n\n\n  These files will probably be moved into the stable distribution on\n  its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niQEVAwUBSLp0FWz0hbPcukPfAQJHJggAvxoTpcwKezudh39JK5kOs11Hghx2Guxl\nCs+NP5Rgeq3bATRuHk9WFx4QaEwF1Znah3+9W5+WEiPYgWQ7/uMwqOMHovipVD/s\nwqAik8iAukhwWdt7nsZ7I3D6MsvMt/+dkXOrkxZwAli3MArf0lt+/5x0kLgaIteL\nWz5moAIM/e7way/k66iajbcw4ltC+kSfneNHP/Mi/i16sz0aADcEBdxzxNygnR4C\n6sd11hWmWa4qJ1dNw4gDm7M088Xv6UH3BcC0OoXgH0wxophj34Bf6yYWjCni9V16\nEfGvYIuXrhBBN5J1tLJsFB4m6NfBNk09B8ndY5wSKggBUuNFGPEx2Q==\n=qNCp\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-2235"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004449"
      },
      {
        "db": "BID",
        "id": "30473"
      },
      {
        "db": "VULHUB",
        "id": "VHN-32360"
      },
      {
        "db": "PACKETSTORM",
        "id": "69539"
      },
      {
        "db": "PACKETSTORM",
        "id": "69577"
      },
      {
        "db": "PACKETSTORM",
        "id": "68794"
      },
      {
        "db": "PACKETSTORM",
        "id": "72834"
      },
      {
        "db": "PACKETSTORM",
        "id": "69541"
      }
    ],
    "trust": 2.43
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-32360",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32360"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-2235",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "30473",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "31330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "33115",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "32099",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "31360",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "34362",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004449",
        "trust": 0.8
      },
      {
        "db": "SUSE",
        "id": "SUSE-SR:2009:004",
        "trust": 0.6
      },
      {
        "db": "SUSE",
        "id": "SUSE-SR:2008:019",
        "trust": 0.6
      },
      {
        "db": "DEBIAN",
        "id": "DSA-1627",
        "trust": 0.6
      },
      {
        "db": "GENTOO",
        "id": "GLSA-200812-09",
        "trust": 0.6
      },
      {
        "db": "MANDRIVA",
        "id": "MDVSA-2008:183",
        "trust": 0.6
      },
      {
        "db": "MLIST",
        "id": "[OPENSC-ANNOUNCE] 20080731 OPENSC SECURITY VULNERABILITY AND NEW VERSIONS OF OPENSC, OPENCT, LIBP11, PAM_P11, ENGINE_PKCS11",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "44140",
        "trust": 0.6
      },
      {
        "db": "FEDORA",
        "id": "FEDORA-2009-2267",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-005",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "69539",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "68794",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "69577",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "69541",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "72834",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-32360",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32360"
      },
      {
        "db": "BID",
        "id": "30473"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004449"
      },
      {
        "db": "PACKETSTORM",
        "id": "69539"
      },
      {
        "db": "PACKETSTORM",
        "id": "69577"
      },
      {
        "db": "PACKETSTORM",
        "id": "68794"
      },
      {
        "db": "PACKETSTORM",
        "id": "72834"
      },
      {
        "db": "PACKETSTORM",
        "id": "69541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-005"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2235"
      }
    ]
  },
  "id": "VAR-200805-0585",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32360"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T22:10:24.233000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "OpenSC Security Vulnerability and new Versions of OpenSC, OpenCT, LibP11, Pam_P11, Engine_PKCS11",
        "trust": 0.8,
        "url": "http://www.opensc-project.org/pipermail/opensc-announce/2008-july/000020.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004449"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32360"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004449"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2235"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.opensc-project.org/pipermail/opensc-announce/2008-july/000020.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.opensc-project.org/security.html"
      },
      {
        "trust": 1.8,
        "url": "http://security.gentoo.org/glsa/glsa-200812-09.xml"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/31330"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/30473"
      },
      {
        "trust": 1.7,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-march/msg00686.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:183"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/31360"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/32099"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/33115"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/34362"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2008/dsa-1627"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44140"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2235"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2235"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/44140"
      },
      {
        "trust": 0.6,
        "url": "http://lists.debian.org/debian-security-announce/2008/msg00212.html"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2235"
      },
      {
        "trust": 0.4,
        "url": "http://permalink.gmane.org/gmane.comp.security.oss.general/863"
      },
      {
        "trust": 0.3,
        "url": "http://www.opensc-project.org/"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1.orig.tar.gz"
      },
      {
        "trust": 0.2,
        "url": "http://packages.debian.org/\u003cpkg\u003e"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://security.pardus.org.tr"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.pardus.org.tr/show_bug.cgi?id=8066"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-2235"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_alpha.deb"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32360"
      },
      {
        "db": "BID",
        "id": "30473"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004449"
      },
      {
        "db": "PACKETSTORM",
        "id": "69539"
      },
      {
        "db": "PACKETSTORM",
        "id": "69577"
      },
      {
        "db": "PACKETSTORM",
        "id": "68794"
      },
      {
        "db": "PACKETSTORM",
        "id": "72834"
      },
      {
        "db": "PACKETSTORM",
        "id": "69541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-005"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2235"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-32360"
      },
      {
        "db": "BID",
        "id": "30473"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004449"
      },
      {
        "db": "PACKETSTORM",
        "id": "69539"
      },
      {
        "db": "PACKETSTORM",
        "id": "69577"
      },
      {
        "db": "PACKETSTORM",
        "id": "68794"
      },
      {
        "db": "PACKETSTORM",
        "id": "72834"
      },
      {
        "db": "PACKETSTORM",
        "id": "69541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-005"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2235"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-08-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-32360"
      },
      {
        "date": "2008-07-31T00:00:00",
        "db": "BID",
        "id": "30473"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-004449"
      },
      {
        "date": "2008-08-31T23:50:00",
        "db": "PACKETSTORM",
        "id": "69539"
      },
      {
        "date": "2008-09-03T04:01:05",
        "db": "PACKETSTORM",
        "id": "69577"
      },
      {
        "date": "2008-08-04T21:25:05",
        "db": "PACKETSTORM",
        "id": "68794"
      },
      {
        "date": "2008-12-10T17:05:17",
        "db": "PACKETSTORM",
        "id": "72834"
      },
      {
        "date": "2008-08-31T23:53:00",
        "db": "PACKETSTORM",
        "id": "69541"
      },
      {
        "date": "2008-08-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200808-005"
      },
      {
        "date": "2008-08-01T14:41:00",
        "db": "NVD",
        "id": "CVE-2008-2235"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-32360"
      },
      {
        "date": "2015-04-13T21:59:00",
        "db": "BID",
        "id": "30473"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-004449"
      },
      {
        "date": "2009-03-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200808-005"
      },
      {
        "date": "2017-08-08T01:30:52.823000",
        "db": "NVD",
        "id": "CVE-2008-2235"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "30473"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-005"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSC In  PIN Vulnerability to be changed",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004449"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-005"
      }
    ],
    "trust": 0.6
  }
}

ghsa-8cph-r8x9-fxx9

Vulnerability from github

Published

2022-05-01 23:47

Modified

2022-05-01 23:47

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-2235"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-08-01T14:41:00Z",
    "severity": "MODERATE"
  },
  "details": "OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.",
  "id": "GHSA-8cph-r8x9-fxx9",
  "modified": "2022-05-01T23:47:58Z",
  "published": "2022-05-01T23:47:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2235"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44140"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2008/dsa-1627"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31330"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31360"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32099"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33115"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34362"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200812-09.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:183"
    },
    {
      "type": "WEB",
      "url": "http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html"
    },
    {
      "type": "WEB",
      "url": "http://www.opensc-project.org/security.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30473"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2008-2235

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2008-2235

Aliases

CVE-2008-2235

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-2235",
    "description": "OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.",
    "id": "GSD-2008-2235",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-2235.html",
      "https://www.debian.org/security/2008/dsa-1627"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-2235"
      ],
      "details": "OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.",
      "id": "GSD-2008-2235",
      "modified": "2023-12-13T01:23:00.782125Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-2235",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "30473",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/30473"
          },
          {
            "name": "31330",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31330"
          },
          {
            "name": "34362",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34362"
          },
          {
            "name": "MDVSA-2008:183",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:183"
          },
          {
            "name": "http://www.opensc-project.org/security.html",
            "refsource": "CONFIRM",
            "url": "http://www.opensc-project.org/security.html"
          },
          {
            "name": "33115",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33115"
          },
          {
            "name": "SUSE-SR:2009:004",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
          },
          {
            "name": "31360",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31360"
          },
          {
            "name": "FEDORA-2009-2267",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html"
          },
          {
            "name": "DSA-1627",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2008/dsa-1627"
          },
          {
            "name": "[opensc-announce] 20080731 OpenSC Security Vulnerability and new Versions of OpenSC, OpenCT, LibP11, Pam_P11, Engine_PKCS11",
            "refsource": "MLIST",
            "url": "http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html"
          },
          {
            "name": "32099",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32099"
          },
          {
            "name": "SUSE-SR:2008:019",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
          },
          {
            "name": "GLSA-200812-09",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200812-09.xml"
          },
          {
            "name": "opensc-smartcard-cryptotoken-weak-security(44140)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44140"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cardos:m4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.11.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.11.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.9.7:d:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.9.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.11.3:pre3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.11.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.8.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.8.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.3.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.9.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.11.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.11.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.9.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opensc-project:opensc:0.9.7:b:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2235"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[opensc-announce] 20080731 OpenSC Security Vulnerability and new Versions of OpenSC, OpenCT, LibP11, Pam_P11, Engine_PKCS11",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html"
            },
            {
              "name": "30473",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/30473"
            },
            {
              "name": "31360",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31360"
            },
            {
              "name": "31330",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31330"
            },
            {
              "name": "http://www.opensc-project.org/security.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.opensc-project.org/security.html"
            },
            {
              "name": "MDVSA-2008:183",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:183"
            },
            {
              "name": "32099",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/32099"
            },
            {
              "name": "SUSE-SR:2008:019",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
            },
            {
              "name": "SUSE-SR:2009:004",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
            },
            {
              "name": "GLSA-200812-09",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200812-09.xml"
            },
            {
              "name": "33115",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/33115"
            },
            {
              "name": "FEDORA-2009-2267",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html"
            },
            {
              "name": "34362",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34362"
            },
            {
              "name": "DSA-1627",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "https://www.debian.org/security/2008/dsa-1627"
            },
            {
              "name": "opensc-smartcard-cryptotoken-weak-security(44140)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44140"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-08T01:30Z",
      "publishedDate": "2008-08-01T14:41Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2008-2235

Vulnerability from cvelistv5

var-200805-0585

Vulnerability from variot

Resolution

References

Synopsis

Background

Workaround

Resolution

References

Availability

Concerns?

License

ghsa-8cph-r8x9-fxx9

Vulnerability from github

gsd-2008-2235

Vulnerability from gsd

Tags

Sightings

Nomenclature