CVE-2008-3972 - Vulnerability Details

pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Opensc-project	Opensc
Siemens	Cardos

Configuration 1 [-]

AND

OR	cpe:2.3:a:opensc-project:opensc::::::::
	cpe:2.3:a:opensc-project:opensc:0.4.0:::::::*
	cpe:2.3:a:opensc-project:opensc:0.5.0:::::::*
	cpe:2.3:a:opensc-project:opensc:0.6.0:::::::*
	cpe:2.3:a:opensc-project:opensc:0.6.1:::::::*
	cpe:2.3:a:opensc-project:opensc:0.7.0:::::::*
	cpe:2.3:a:opensc-project:opensc:0.8.0:::::::*
	cpe:2.3:a:opensc-project:opensc:0.8.1:::::::*
	cpe:2.3:a:opensc-project:opensc:0.9.2:::::::*
	cpe:2.3:a:opensc-project:opensc:0.9.3:::::::*
	cpe:2.3:a:opensc-project:opensc:0.9.4:::::::*
	cpe:2.3:a:opensc-project:opensc:0.9.5:::::::*
	cpe:2.3:a:opensc-project:opensc:0.9.6:::::::*
	cpe:2.3:a:opensc-project:opensc:0.10.0:::::::*
	cpe:2.3:a:opensc-project:opensc:0.10.1:::::::*
	cpe:2.3:a:opensc-project:opensc:0.11.0:::::::*
	cpe:2.3:a:opensc-project:opensc:0.11.1:::::::*
	cpe:2.3:a:opensc-project:opensc:0.11.2:::::::*
	cpe:2.3:a:opensc-project:opensc:0.11.3:::::::*
	cpe:2.3:a:opensc-project:opensc:0.11.3:pre3::::::
	cpe:2.3:a:opensc-project:opensc:0.11.4:::::::*

cpe:2.3:o:siemens:cardos:m4:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
http://secunia.com/advisories/32099
http://secunia.com/advisories/34362
http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html
http://www.openwall.com/lists/oss-security/2008/09/09/14
https://exchange.xforce.ibmcloud.com/vulnerabilities/45045
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-09-10T15:00:00

Updated: 2024-08-07T10:00:42.172Z

Reserved: 2008-09-09T00:00:00

Link: CVE-2008-3972

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-09-11T01:13:47.807

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-3972

Redhat

No data.

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object