CVE-2008-3972

Description

pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.

References

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/45045

http://www.openwall.com/lists/oss-security/2008/09/09/14

http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html

http://secunia.com/advisories/34362

http://secunia.com/advisories/32099

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html

Details

Source: Mitre, NVD

Published: 2008-09-11

Updated: 2017-08-08

Risk Information

CVSS v2

Base Score: 6.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 4.6

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: Medium