CVE-2008-2235

OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:C/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
opensc-projectopensc
0.3.2
opensc-projectopensc
0.3.5
opensc-projectopensc
0.4.0
opensc-projectopensc
0.6.0
opensc-projectopensc
0.6.1
opensc-projectopensc
0.7.0
opensc-projectopensc
0.8
opensc-projectopensc
0.8.0.0
opensc-projectopensc
0.8.1
opensc-projectopensc
0.9
opensc-projectopensc
0.9.6
opensc-projectopensc
0.9.7
opensc-projectopensc
0.9.7:b
opensc-projectopensc
0.9.7:d
opensc-projectopensc
0.9.8
opensc-projectopensc
0.11.0
opensc-projectopensc
0.11.1
opensc-projectopensc
0.11.2
opensc-projectopensc
0.11.3
opensc-projectopensc
0.11.3:pre3
opensc-projectopensc
0.11.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
opensc
bullseye
0.21.0-1
fixed
bookworm
0.23.0-0.3+deb12u1
fixed
sid
0.25.1-2
fixed
trixie
0.25.1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
opensc
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
ignored
gutsy
ignored
feisty
ignored
dapper
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://secunia.com/advisories/31330
http://secunia.com/advisories/31360
http://secunia.com/advisories/32099
http://secunia.com/advisories/33115
http://secunia.com/advisories/34362
http://security.gentoo.org/glsa/glsa-200812-09.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:183
http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html
http://www.opensc-project.org/security.html
http://www.securityfocus.com/bid/30473
https://exchange.xforce.ibmcloud.com/vulnerabilities/44140
https://www.debian.org/security/2008/dsa-1627
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://secunia.com/advisories/31330
http://secunia.com/advisories/31360
http://secunia.com/advisories/32099
http://secunia.com/advisories/33115
http://secunia.com/advisories/34362
http://security.gentoo.org/glsa/glsa-200812-09.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:183
http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html
http://www.opensc-project.org/security.html
http://www.securityfocus.com/bid/30473
https://exchange.xforce.ibmcloud.com/vulnerabilities/44140
https://www.debian.org/security/2008/dsa-1627
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html