Back to search
CVE-2008-3972
Published: Sep 10, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
opensc-pkcs15tool-weak-security(45045)
vdb-entry
x_refsource_XF
34362
third-party-advisory
x_refsource_SECUNIA
FEDORA-2009-2267
vendor-advisory
x_refsource_FEDORA
[oss-security] 20080909 Re: opensc 0.11.6 with fixed security update
mailing-list
x_refsource_MLIST
[opensc-announce] 20080827 opensc 0.11.6 with fixed security update
mailing-list
x_refsource_MLIST
32099
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2008:019
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now