Rapid7 Vulnerability & Exploit Database

SUSE Linux Security Vulnerability: CVE-2008-2235

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE Linux Security Vulnerability: CVE-2008-2235

Severity

CVSS

(AV:L/AC:L/Au:N/C:N/I:C/A:N)

Published

08/01/2008

Created

07/25/2018

Added

02/17/2015

Modified

07/04/2017

Description

OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.

Solution(s)

suse-upgrade-libopensc2
suse-upgrade-libopensc2-32bit
suse-upgrade-libopensc2-64bit
suse-upgrade-opensc
suse-upgrade-opensc-32bit
suse-upgrade-opensc-64bit
suse-upgrade-opensc-devel
suse-upgrade-suse-release

References

https://attackerkb.com/topics/cve-2008-2235
30473
CVE - 2008-2235
DSA-1627
44140

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

SUSE Linux Security Vulnerability: CVE-2008-2235

SUSE Linux Security Vulnerability: CVE-2008-2235

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Success! Thank you for submission. We will be in touch shortly.

Submit your information and we will get in touch with you.