ID CVE-2008-2235
Summary OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.
Vulnerable Configurations
  • cpe:2.3:o:siemens:cardos:m4
  • cpe:2.3:a:opensc-project:opensc:0.11.0
  • cpe:2.3:a:opensc-project:opensc:0.11.1
  • cpe:2.3:a:opensc-project:opensc:0.11.2
  • cpe:2.3:a:opensc-project:opensc:0.11.3
  • cpe:2.3:a:opensc-project:opensc:0.11.3:pre3
  • cpe:2.3:a:opensc-project:opensc:0.11.4
  • cpe:2.3:a:opensc-project:opensc:0.3.2
  • cpe:2.3:a:opensc-project:opensc:0.3.5
  • cpe:2.3:a:opensc-project:opensc:0.4.0
  • cpe:2.3:a:opensc-project:opensc:0.6.0
  • cpe:2.3:a:opensc-project:opensc:0.6.1
  • cpe:2.3:a:opensc-project:opensc:0.7.0
  • cpe:2.3:a:opensc-project:opensc:0.8
  • cpe:2.3:a:opensc-project:opensc:0.8.0.0
  • cpe:2.3:a:opensc-project:opensc:0.8.1
  • cpe:2.3:a:opensc-project:opensc:0.9
  • cpe:2.3:a:opensc-project:opensc:0.9.6
  • cpe:2.3:a:opensc-project:opensc:0.9.7
  • cpe:2.3:a:opensc-project:opensc:0.9.7:b
  • cpe:2.3:a:opensc-project:opensc:0.9.7:d
  • cpe:2.3:a:opensc-project:opensc:0.9.8
CVSS
Base: 4.9 (as of 01-08-2008 - 12:07)
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: COMPLETE
  • Availability: NONE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_LIBOPENSC2-080910.NASL
    description This update fixes a security issue with opensc that occurred when initializing blank smart cards with Siemens CardOS M4. After the initialization anyone could set the PIN of the smart card without authorization (CVE-2008-2235). NOTE: Already initialized cards are still vulnerable after this update. Please use the command-line tool pkcs15-tool with the options --test-update and --update when necessary. Please find more information at http://www.opensc-project.org/security.html This is the second attempt to fix this problem. The previous update was unfortunately incomplete.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 40030
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40030
    title openSUSE Security Update : libopensc2 (libopensc2-186)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENSC-5588.NASL
    description This update fixes a security issue with opensc that occurred when initializing blank smart cards with Siemens CardOS M4. After the initialization anyone could set the PIN of the smart card without authorization. (CVE-2008-2235) NOTE: Already initialized cards are still vulnerable after this update. Please use the command-line tool pkcs15-tool with the options --test-update and --update when necessary. Please find more information at http://www.opensc-project.org/security.html This is the second attempt to fix this problem. The previous update was unfortunately incomplete.
    last seen 2019-02-21
    modified 2012-10-08
    plugin id 34262
    published 2008-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34262
    title SuSE 10 Security Update : opensc, opensc-devel (ZYPP Patch Number 5588)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-183.NASL
    description Chaskiel M Grundman found that OpenSC would initialize smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN without first having the PIN or PUK, or the superuser's PIN or PUK (CVE-2008-2235). Please note that this issue can not be used to discover the PIN on a card. If the PIN on a card is the same that was always there, it is unlikely that this vulnerability has been exploited. As well, this issue only affects smart cards and USB crypto tokens based on Siemens CardOS M4, and then only those devices that were initialized by OpenSC. Users of other smart cards or USB crypto tokens, or cards that were not initialized by OpenSC, are not affected. After applying the update, executing 'pkcs15-tool -T' will indicate whether the card is fine or vulnerable. If the card is vulnerable, the security settings need to be updated by executing 'pkcs15-tool -T -U'. The updated packages have been patched to prevent this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37949
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37949
    title Mandriva Linux Security Advisory : opensc (MDVSA-2008:183)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12240.NASL
    description This revised update fixes a security issue with opensc that occurs when initializing blank smart cards with Siemens CardOS M4. After initialization, anyone could set the PIN of the smart card without authorization. (CVE-2008-2235) NOTE: cards already initialized with the old version are still vulnerable after this update. Please use the command-line tool pkcs15-tool with the options --test-update and --update if necessary. Please find more information at http://www.opensc-project.org/security.html
    last seen 2019-02-21
    modified 2012-10-08
    plugin id 41241
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41241
    title SuSE9 Security Update : opensc, opensc-devel (YOU Patch Number 12240)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-2267.NASL
    description Security update fixing CVE-2008-3972, CVE-2008-2235, and CVE-2009-0368. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 35959
    published 2009-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35959
    title Fedora 9 : opensc-0.11.7-1.fc9 (2009-2267)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBOPENSC2-5494.NASL
    description This update fixes a security issue with opensc that occurs when initializing blank smart cards with Siemens CardOS M4. It allows setting the PIN of the smart card without authorization. (CVE-2008-2235) NOTE: Already initialized cards are still vulnerable after this update. Please use the command-line tool pkcs15-tool with the options --test-update and --update when necessary.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 34073
    published 2008-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34073
    title openSUSE 10 Security Update : libopensc2 (libopensc2-5494)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12216.NASL
    description This update fixes a security issue with opensc that occurs when initializing blank smart cards with Siemens CardOS M4. It allows setting the PIN of the smart card without authorization. (CVE-2008-2235) NOTE: Already initialized cards are still vulnerable after this update. Please use the command-line tool pkcs15-tool with the options --test-update and --update when necessary.
    last seen 2019-02-21
    modified 2012-10-08
    plugin id 41230
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41230
    title SuSE9 Security Update : opensc (YOU Patch Number 12216)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200812-09.NASL
    description The remote host is affected by the vulnerability described in GLSA-200812-09 (OpenSC: Insufficient protection of smart card PIN) Chaskiel M Grundman reported that OpenSC uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4. Impact : A physically proximate attacker can exploit this vulnerability to change the PIN on a smart card and use it for authentication, leading to privilege escalation. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 35084
    published 2008-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35084
    title GLSA-200812-09 : OpenSC: Insufficient protection of smart card PIN
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1627.NASL
    description Chaskiel M Grundman discovered that opensc, a library and utilities to handle smart cards, would initialise smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN. With this bug anyone can change a user PIN without having the PIN or PUK or the superuser's PIN or PUK. However, it cannot be used to figure out the PIN. If the PIN on your card is still the same you always had, there's a reasonable chance that this vulnerability has not been exploited. This vulnerability affects only smart cards and USB crypto tokens based on Siemens CardOS M4, and within that group only those that were initialised with OpenSC. Users of other smart cards and USB crypto tokens, or cards that have been initialised with some software other than OpenSC, are not affected. After upgrading the package, running pkcs15-tool -T will show you whether the card is fine or vulnerable. If the card is vulnerable, you need to update the security setting using: pkcs15-tool -T -U.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 33826
    published 2008-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33826
    title Debian DSA-1627-2 : opensc - programming error
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBOPENSC2-5587.NASL
    description This update fixes a security issue with opensc that occurred when initializing blank smart cards with Siemens CardOS M4. After the initialization anyone could set the PIN of the smart card without authorization (CVE-2008-2235). NOTE: Already initialized cards are still vulnerable after this update. Please use the command-line tool pkcs15-tool with the options --test-update and --update when necessary. Please find more information at http://www.opensc-project.org/security.html This is the second attempt to fix this problem. The previous update was unfortunately incomplete.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 34261
    published 2008-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34261
    title openSUSE 10 Security Update : libopensc2 (libopensc2-5587)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_LIBOPENSC2-080801.NASL
    description This update fixes a security issue with opensc that occurs when initializing blank smart cards with Siemens CardOS M4. It allows setting the PIN of the smart card without authorization. (CVE-2008-2235) NOTE: Already initialized cards are still vulnerable after this update. Please use the command-line tool pkcs15-tool with the options --test-update and --update when necessary.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 40029
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40029
    title openSUSE Security Update : libopensc2 (libopensc2-130)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENSC-5493.NASL
    description This update fixes a security issue with opensc that occurs when initializing blank smart cards with Siemens CardOS M4. It allows setting the PIN of the smart card without authorization. (CVE-2008-2235) NOTE: Already initialized cards are still vulnerable after this update. Please use the command-line tool pkcs15-tool with the options --test-update and --update when necessary.
    last seen 2019-02-21
    modified 2012-10-08
    plugin id 34078
    published 2008-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34078
    title SuSE 10 Security Update : opensc (ZYPP Patch Number 5493)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENSC-5910.NASL
    description This update fixes a security issue with opensc that occurred when initializing blank smart cards with Siemens CardOS M4. After the initialization anyone could set the PIN of the smart card without authorization. (CVE-2008-2235) NOTE: Already initialized cards are still vulnerable after this update. Please use the command-line tool pkcs15-tool with the options --test-update and --update when necessary. Don't forget to reinitialize your smart cards if you are using cards with Siemens CardOS M4 operating system that were initialized using opensc! Please find more information at http://www.opensc-project.org/security.html This is the second attempt to fix this problem. The previous update was unfortunately incomplete.
    last seen 2019-02-21
    modified 2012-10-08
    plugin id 41567
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41567
    title SuSE 10 Security Update : opensc (ZYPP Patch Number 5910)
refmap via4
bid 30473
confirm http://www.opensc-project.org/security.html
debian DSA-1627
fedora FEDORA-2009-2267
gentoo GLSA-200812-09
mandriva MDVSA-2008:183
mlist [opensc-announce] 20080731 OpenSC Security Vulnerability and new Versions of OpenSC, OpenCT, LibP11, Pam_P11, Engine_PKCS11
secunia
  • 31330
  • 31360
  • 32099
  • 33115
  • 34362
suse
  • SUSE-SR:2008:019
  • SUSE-SR:2009:004
xf opensc-smartcard-cryptotoken-weak-security(44140)
statements via4
contributor
lastmodified 2008-08-14
organization Siemens
statement Siemens has analyzed this report and states that no security breach can be found in the Siemens CardOS M4 itself and it thus does not relate to any Siemens component. The reported vulnerability (caused by inappropriate personalization) is due to an issue in the OPENSC middleware; detailed information can be found under http://www.opensc-project.org/security.html. Therefore, Siemens recommends all customers and partners using OPENSC to use either the current version 0.11.5 of OPENSC in which this vulnerability is fixed or to use the bug fix suggested under http://freshmeat.net/articles/view/3333/. We hope that we could help you with this recommendation. If you have further questions, please contact the Siemens CardOS hotline under: scs-support.med@siemens.com Phone: +49 89 636 35996 (Mo.-Fr. 9:00-17:00 German time)
Last major update 07-12-2016 - 22:00
Published 01-08-2008 - 10:41
Last modified 07-08-2017 - 21:30