Security Flaw in OpenSC's Smart Card Management Tool
CVE-2008-3972

Currently unrated

Key Information:

Vendor: Opensc-project
Status: Opensc
Vendor: CVE Published:; 11 September 2008

🔔 Create Opensc-project Vulnerability Alert

What is CVE-2008-3972?

The pkcs15-tool in OpenSC versions prior to 0.11.6 fails to implement security updates on smart cards unless they bear the label 'OpenSC'. This oversight can lead to situations where physically proximate attackers could exploit vulnerabilities that the card's owner believed had been addressed, notably including exploitations related to previous vulnerabilities, such as CVE-2008-2235. This may compromise the intended security enhancements of the tool and pose significant risks to users relying on the integrity of their smart card data.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/45045

vdb-entryx_refsource_XF

http://secunia.com/advisories/34362

third-party-advisoryx_refsource_SECUNIA

https://www.redhat.com/archives/fedora-package-announce/2...

vendor-advisoryx_refsource_FEDORA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2008
Vulnerability Reserved
Sep 9, 2008

CVE-2008-3972 Data

JSON