Pardus Linux Security Advisory - A security issue has been reported in OpenSC, which can be exploited by malicious people to bypass certain security restrictions.
09e3b8dc9ef4a0333180e6e1a02ce6ba------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-33 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2008-08-31
Severity: 2
Type: Remote
------------------------------------------------------------------------
Summary
=======
[UPDATE]: Last security update with OpenSC 0.11.5 had a small glitch due
to a strict check, so this version fixes that issue.
A security issue has been reported in OpenSC, which can be exploited by malicious people
to bypass certain security restrictions.
Description
===========
The security issue is caused due to the application improperly setting
the ADMIN file control information to "00" while initializing smart
cards having a Siemens CardOS M4 operating system. This can be exploited
to change a user PIN code without having the PIN or PUK if the smart
card was initialized with OpenSC.
Affected packages:
Pardus 2008:
opensc, all before 0.11.6-7-2
Resolution
==========
There are update(s) for opensc. You can update them via Package Manager
or with a single command from console:
pisi up opensc
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=8066
* http://permalink.gmane.org/gmane.comp.security.oss.general/863
* http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html
* http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2235
* http://secunia.com/advisories/31330
------------------------------------------------------------------------
--
Pınar Yanardağ
Pardus Security Team
http://security.pardus.org.tr
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!