ID

VAR-200809-0570


CVE

CVE-2008-3972


TITLE

OpenSC of pkcs15-tool Vulnerabilities exploiting vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2008-004842

DESCRIPTION

pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235. OpenSC is prone to a local security vulnerability. OpenSC is a smart card program and application library.

----------------------------------------------------------------------

TITLE: SUSE Update for Multiple Packages

SECUNIA ADVISORY ID: SA32099

VERIFY ADVISORY: http://secunia.com/advisories/32099/

CRITICAL: Highly critical

IMPACT: Security Bypass, Exposure of sensitive information, Privilege escalation, DoS, System access

WHERE: From remote

OPERATING SYSTEM:
SUSE Linux Enterprise Server 9 http://secunia.com/advisories/product/4118/
SUSE Linux Enterprise Server 10 http://secunia.com/advisories/product/12192/
openSUSE 11.0 http://secunia.com/advisories/product/19180/
openSUSE 10.3 http://secunia.com/advisories/product/16124/
openSUSE 10.2 http://secunia.com/advisories/product/13375/

SOFTWARE:
Novell Open Enterprise Server 1.x http://secunia.com/advisories/product/4664/

DESCRIPTION: SUSE has issued an update for multiple packages.

----------------------------------------------------------------------

TITLE: Fedora update for opensc

SECUNIA ADVISORY ID: SA34362

VERIFY ADVISORY: http://secunia.com/advisories/34362/

DESCRIPTION: Fedora has issued an update for opensc. This fixes some security issues, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA31330 SA34052

SOLUTION: Apply updated packages using the yum utility ("yum update opensc").

ORIGINAL ADVISORY: FEDORA-2009-2267: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html

OTHER REFERENCES:
SA31330: http://secunia.com/advisories/31330/
SA34052: http://secunia.com/advisories/34052/

Trust: 2.16

sources: NVD: CVE-2008-3972 // JVNDB: JVNDB-2008-004842 // BID: 84842 // VULHUB: VHN-34097 // PACKETSTORM: 70466 // PACKETSTORM: 75887

AFFECTED PRODUCTS

vendor: opensc, model: opensc, scope: eq, version: 0.9.4

Trust: 1.9

vendor: opensc, model: opensc, scope: eq, version: 0.9.3

Trust: 1.9

vendor: opensc, model: opensc, scope: eq, version: 0.9.2

Trust: 1.9

vendor: opensc, model: opensc, scope: eq, version: 0.8.1

Trust: 1.9

vendor: opensc, model: opensc, scope: eq, version: 0.6.1

Trust: 1.9

vendor: opensc, model: opensc, scope: eq, version: 0.8.0

Trust: 1.9

vendor: opensc, model: opensc, scope: eq, version: 0.4.0

Trust: 1.6

vendor: opensc, model: opensc, scope: eq, version: 0.7.0

Trust: 1.6

vendor: opensc, model: opensc, scope: eq, version: 0.5.0

Trust: 1.6

vendor: opensc, model: opensc, scope: eq, version: 0.6.0

Trust: 1.6

vendor: opensc, model: opensc, scope: eq, version: 0.11.4

Trust: 1.3

vendor: opensc, model: opensc, scope: eq, version: 0.11.3

Trust: 1.3

vendor: opensc, model: opensc, scope: eq, version: 0.11.2

Trust: 1.3

vendor: opensc, model: opensc, scope: eq, version: 0.11.1

Trust: 1.3

vendor: opensc, model: opensc, scope: eq, version: 0.10.1

Trust: 1.3

vendor: opensc, model: opensc, scope: eq, version: 0.9.6

Trust: 1.3

vendor: opensc, model: opensc, scope: eq, version: 0.9.5

Trust: 1.3

vendor: opensc, model: opensc, scope: eq, version: 0.10.0

Trust: 1.3

vendor: opensc, model: opensc, scope: lte, version: 0.11.5

Trust: 1.0

vendor: opensc, model: opensc, scope: eq, version: 0.11.0

Trust: 1.0

vendor: opensc team, model: opensc, scope: lt, version: 0.11.6

Trust: 0.8

vendor: opensc, model: opensc, scope: eq, version: 0.11.5

Trust: 0.3

vendor: opensc, model: opensc, scope: eq, version: 0.11

Trust: 0.3

vendor: opensc, model: opensc, scope: eq, version: 0.7

Trust: 0.3

vendor: opensc, model: opensc, scope: eq, version: 0.6

Trust: 0.3

vendor: opensc, model: opensc, scope: eq, version: 0.5

Trust: 0.3

vendor: opensc, model: opensc, scope: eq, version: 0.4

Trust: 0.3

vendor: opensc, model: pre3, scope: eq, version: 0.11.3

Trust: 0.3

sources: BID: 84842 // JVNDB: JVNDB-2008-004842 // CNNVD: CNNVD-200809-155 // NVD: CVE-2008-3972

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-3972
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-3972
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200809-155
value: MEDIUM

Trust: 0.6

VULHUB: VHN-34097
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-3972
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-34097
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-34097 // JVNDB: JVNDB-2008-004842 // CNNVD: CNNVD-200809-155 // NVD: CVE-2008-3972

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-34097 // JVNDB: JVNDB-2008-004842 // NVD: CVE-2008-3972

THREAT TYPE

local

Trust: 1.0

sources: BID: 84842 // PACKETSTORM: 70466 // CNNVD: CNNVD-200809-155

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200809-155

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-004842

PATCH

title: opensc 0.11.6 with fixed security update
url: http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html

Trust: 0.8

title: OpenSC Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156701

Trust: 0.6

sources: JVNDB: JVNDB-2008-004842 // CNNVD: CNNVD-200809-155

EXTERNAL IDS

db: NVD, id: CVE-2008-3972

Trust: 2.8

db: OPENWALL, id: OSS-SECURITY/2008/09/09/14

Trust: 2.0

db: SECUNIA, id: 32099

Trust: 1.8

db: SECUNIA, id: 34362

Trust: 1.8

db: XF, id: 45045

Trust: 0.9

db: JVNDB, id: JVNDB-2008-004842

Trust: 0.8

db: MLIST, id: [OSS-SECURITY] 20080909 RE: OPENSC 0.11.6 WITH FIXED SECURITY UPDATE

Trust: 0.6

db: MLIST, id: [OPENSC-ANNOUNCE] 20080827 OPENSC 0.11.6 WITH FIXED SECURITY UPDATE

Trust: 0.6

db: XF, id: 15

Trust: 0.6

db: SUSE, id: SUSE-SR:2008:019

Trust: 0.6

db: FEDORA, id: FEDORA-2009-2267

Trust: 0.6

db: CNNVD, id: CNNVD-200809-155

Trust: 0.6

db: BID, id: 84842

Trust: 0.4

db: VULHUB, id: VHN-34097

Trust: 0.1

db: PACKETSTORM, id: 70466

Trust: 0.1

db: PACKETSTORM, id: 75887

Trust: 0.1

sources: VULHUB: VHN-34097 // BID: 84842 // JVNDB: JVNDB-2008-004842 // PACKETSTORM: 70466 // PACKETSTORM: 75887 // CNNVD: CNNVD-200809-155 // NVD: CVE-2008-3972

REFERENCES

url:https://www.redhat.com/archives/fedora-package-announce/2009-march/msg00686.html

Trust: 2.1

url:http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html

Trust: 2.1

url:http://www.opensc-project.org/pipermail/opensc-announce/2008-august/000021.html

Trust: 2.0

url:http://www.openwall.com/lists/oss-security/2008/09/09/14

Trust: 2.0

url:http://secunia.com/advisories/32099

Trust: 1.7

url:http://secunia.com/advisories/34362

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/45045

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/45045

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3972

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3972

Trust: 0.8

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.2

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/advisories/31330/

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://secunia.com/binary_analysis/sample_analysis/

Trust: 0.1

url:http://secunia.com/advisories/product/4664/

Trust: 0.1

url:http://secunia.com/advisories/product/13375/

Trust: 0.1

url:http://secunia.com/advisories/30957/

Trust: 0.1

url:http://secunia.com/advisories/31823/

Trust: 0.1

url:http://secunia.com/advisories/product/4118/

Trust: 0.1

url:http://secunia.com/advisories/32099/

Trust: 0.1

url:http://secunia.com/advisories/30627/

Trust: 0.1

url:http://secunia.com/advisories/product/19180/

Trust: 0.1

url:http://secunia.com/advisories/product/12192/

Trust: 0.1

url:http://secunia.com/advisories/product/16124/

Trust: 0.1

url:http://secunia.com/advisories/34362/

Trust: 0.1

url:http://secunia.com/advisories/34052/

Trust: 0.1

url:http://secunia.com/advisories/try_vi/request_2008_report/

Trust: 0.1

sources: VULHUB: VHN-34097 // BID: 84842 // JVNDB: JVNDB-2008-004842 // PACKETSTORM: 70466 // PACKETSTORM: 75887 // CNNVD: CNNVD-200809-155 // NVD: CVE-2008-3972

CREDITS

Unknown

Trust: 0.3

sources: BID: 84842

SOURCES

db: VULHUB, id: VHN-34097
db: BID, id: 84842
db: JVNDB, id: JVNDB-2008-004842
db: PACKETSTORM, id: 70466
db: PACKETSTORM, id: 75887
db: CNNVD, id: CNNVD-200809-155
db: NVD, id: CVE-2008-3972

LAST UPDATE DATE

2025-04-10T22:34:47.450000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-34097, date: 2017-08-08T00:00:00
db: BID, id: 84842, date: 2008-09-10T00:00:00
db: JVNDB, id: JVNDB-2008-004842, date: 2012-09-25T00:00:00
db: CNNVD, id: CNNVD-200809-155, date: 2021-07-14T00:00:00
db: NVD, id: CVE-2008-3972, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-34097, date: 2008-09-11T00:00:00
db: BID, id: 84842, date: 2008-09-10T00:00:00
db: JVNDB, id: JVNDB-2008-004842, date: 2012-09-25T00:00:00
db: PACKETSTORM, id: 70466, date: 2008-09-30T23:23:28
db: PACKETSTORM, id: 75887, date: 2009-03-19T07:12:32
db: CNNVD, id: CNNVD-200809-155, date: 2008-09-11T00:00:00
db: NVD, id: CVE-2008-3972, date: 2008-09-11T01:13:47.807