CVE-2008-3972
First published: Wed Sep 10 2008(Updated: )
pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE OpenSC | <=0.11.5 | |
| SUSE OpenSC | =0.4.0 | |
| SUSE OpenSC | =0.5.0 | |
| SUSE OpenSC | =0.6.0 | |
| SUSE OpenSC | =0.6.1 | |
| SUSE OpenSC | =0.7.0 | |
| SUSE OpenSC | =0.8.0 | |
| SUSE OpenSC | =0.8.1 | |
| SUSE OpenSC | =0.9.2 | |
| SUSE OpenSC | =0.9.3 | |
| SUSE OpenSC | =0.9.4 | |
| SUSE OpenSC | =0.9.5 | |
| SUSE OpenSC | =0.9.6 | |
| SUSE OpenSC | =0.10.0 | |
| SUSE OpenSC | =0.10.1 | |
| SUSE OpenSC | =0.11.0 | |
| SUSE OpenSC | =0.11.1 | |
| SUSE OpenSC | =0.11.2 | |
| SUSE OpenSC | =0.11.3 | |
| SUSE OpenSC | =0.11.3-pre3 | |
| SUSE OpenSC | =0.11.4 | |
| Siemens CardOS | =m4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2008/09/09/14
- http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html
- http://secunia.com/advisories/32099
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html
- http://secunia.com/advisories/34362
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45045
Frequently Asked Questions
What is the severity of CVE-2008-3972?
CVE-2008-3972 is classified as a medium severity vulnerability due to the specific conditions required for exploitation.
How do I fix CVE-2008-3972?
To fix CVE-2008-3972, upgrade OpenSC to version 0.11.6 or later where this issue is addressed.
What types of attacks can exploit CVE-2008-3972?
CVE-2008-3972 can be exploited by physically proximate attackers who can manipulate vulnerable smart cards.
Which versions of OpenSC are affected by CVE-2008-3972?
CVE-2008-3972 affects all OpenSC versions prior to 0.11.6, including versions from 0.4.0 to 0.11.5.
What are the implications of CVE-2008-3972 for users?
Users of vulnerable OpenSC versions may unwittingly allow attackers to exploit unpatched vulnerabilities on their smart cards.
- collector/nvd-historical
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/opensc-project
- canonical/suse opensc
- version/suse opensc/0.11.5
- version/suse opensc/0.4.0
- version/suse opensc/0.5.0
- version/suse opensc/0.6.0
- version/suse opensc/0.6.1
- version/suse opensc/0.7.0
- version/suse opensc/0.8.0
- version/suse opensc/0.8.1
- version/suse opensc/0.9.2
- version/suse opensc/0.9.3
- version/suse opensc/0.9.4
- version/suse opensc/0.9.5
- version/suse opensc/0.9.6
- version/suse opensc/0.10.0
- version/suse opensc/0.10.1
- version/suse opensc/0.11.0
- version/suse opensc/0.11.1
- version/suse opensc/0.11.2
- version/suse opensc/0.11.3
- version/suse opensc/0.11.3-pre3
- version/suse opensc/0.11.4
- vendor/siemens
- canonical/siemens cardos
- version/siemens cardos/m4