SuSE 10 Security Update : opensc (ZYPP Patch Number 5910)

medium Nessus Plugin ID 41567

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This update fixes a security issue with opensc that occurred when initializing blank smart cards with Siemens CardOS M4. After the initialization anyone could set the PIN of the smart card without authorization. (CVE-2008-2235)

NOTE: Already initialized cards are still vulnerable after this update. Please use the command-line tool pkcs15-tool with the options --test-update and --update when necessary. Don't forget to reinitialize your smart cards if you are using cards with the Siemens CardOS M4 operating system that were initialized using opensc!

Please find more information at http://www.opensc-project.org/security.html

This is the second attempt to fix this problem. The previous update was unfortunately incomplete.

Solution

Apply ZYPP patch number 5910.

See Also

http://support.novell.com/security/cve/CVE-2008-2235.html

Plugin Details

Severity: Medium

ID: 41567

File Name: suse_opensc-5910.nasl

Version: 1.13

Type: local

Agent: unix

Published: 9/24/2009

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:N

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 9/9/2008

Reference Information

CVE: CVE-2008-2235

CWE: 310