[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247621

 
 

909

 
 

194512

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-3972Date: (C)2008-09-10   (M)2023-12-22


pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.6
Exploit Score: 3.9
Impact Score: 9.2
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECUNIA-32099
SECUNIA-34362
FEDORA-2009-2267
SUSE-SR:2008:019
http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html
http://www.openwall.com/lists/oss-security/2008/09/09/14
opensc-pkcs15tool-weak-security(45045)

CWE    1
CWE-264
OVAL    1
oval:org.secpod.oval:def:101476

© SecPod Technologies