Details of VAR-200805-0585

ID

VAR-200805-0585

CVE

CVE-2008-2235

TITLE

OpenSC In PIN Vulnerability to be changed

Trust: 0.8

sources: JVNDB: JVNDB-2008-004449

DESCRIPTION

OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN. OpenSC insecurely initializes smart cards and USB crypto tokens based on Seimens CardOS M4. Attackers can leverage this issue to change the PIN number on a card without having knowledge of the existing PIN or PUK number. Successfully exploiting this issue allows attackers to use the card in further attacks. NOTE: This issue cannot be leveraged to access an existing PIN number. This issue occurs in versions prior to OpenSC 0.11.6. OpenSC Insecure Permission Vulnerability. A security issue has been reported in OpenSC, which can be exploited by malicious people to bypass certain security restrictions. Affected packages: Pardus 2008: opensc, all before 0.11.6-7-2 Resolution ========== There are update(s) for opensc. You can update them via Package Manager or with a single command from console: pisi up opensc References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=8066 * http://permalink.gmane.org/gmane.comp.security.oss.general/863 * http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html * http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2235 * http://secunia.com/advisories/31330 ------------------------------------------------------------------------ -- Pınar Yanardağ Pardus Security Team http://security.pardus.org.tr _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/. The updated packages have been patched to prevent this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2235 http://www.opensc-project.org/security.html _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: 77f7d7afda2b14397fd49eb9a40fe277 2007.1/i586/libopensc2-0.11.1-3.1mdv2007.1.i586.rpm 63ac5b681a7c32ff5fa5a19eaacd99c4 2007.1/i586/libopensc2-devel-0.11.1-3.1mdv2007.1.i586.rpm 70e9d0aa9fd4ee98e44acb640cca7334 2007.1/i586/mozilla-plugin-opensc-0.11.1-3.1mdv2007.1.i586.rpm 9990fd668eb0db7a2c3a067663935e6c 2007.1/i586/opensc-0.11.1-3.1mdv2007.1.i586.rpm 2ef9d3fd31d521b775f36480608f5494 2007.1/SRPMS/opensc-0.11.1-3.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 7ff78a629ff3fc4ebae26081445476b5 2007.1/x86_64/lib64opensc2-0.11.1-3.1mdv2007.1.x86_64.rpm d782522d41b4c9c3740d6d3917560a9f 2007.1/x86_64/lib64opensc2-devel-0.11.1-3.1mdv2007.1.x86_64.rpm 6e7cc1f3c8dd8485a182704d64a59c8b 2007.1/x86_64/mozilla-plugin-opensc-0.11.1-3.1mdv2007.1.x86_64.rpm 9337e42a69c15124642ed8f9756fd3c2 2007.1/x86_64/opensc-0.11.1-3.1mdv2007.1.x86_64.rpm 2ef9d3fd31d521b775f36480608f5494 2007.1/SRPMS/opensc-0.11.1-3.1mdv2007.1.src.rpm Mandriva Linux 2008.0: 4ce42db0e198b6ce9c9287594ee3fafd 2008.0/i586/libopensc2-0.11.3-2.1mdv2008.0.i586.rpm 70546abd01b00bab812fa6fea4ae4d16 2008.0/i586/libopensc-devel-0.11.3-2.1mdv2008.0.i586.rpm eba548b0a0547b26056233f5e8ca6adb 2008.0/i586/mozilla-plugin-opensc-0.11.3-2.1mdv2008.0.i586.rpm 7220fd9c1e95158f787cc8369826ec32 2008.0/i586/opensc-0.11.3-2.1mdv2008.0.i586.rpm ce97f832256d12037e51bafb9d70e5ef 2008.0/SRPMS/opensc-0.11.3-2.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 5378764b2b2d3cd848ac0ac542287b94 2008.0/x86_64/lib64opensc2-0.11.3-2.1mdv2008.0.x86_64.rpm a6dbaabff7dbd6cabc1202a334c663b2 2008.0/x86_64/lib64opensc-devel-0.11.3-2.1mdv2008.0.x86_64.rpm f3b2891c740068fa7f328690f8a53c0a 2008.0/x86_64/mozilla-plugin-opensc-0.11.3-2.1mdv2008.0.x86_64.rpm 9ad409a7e667a9bc7c448ad207ce2afd 2008.0/x86_64/opensc-0.11.3-2.1mdv2008.0.x86_64.rpm ce97f832256d12037e51bafb9d70e5ef 2008.0/SRPMS/opensc-0.11.3-2.1mdv2008.0.src.rpm Mandriva Linux 2008.1: d2f1aecf3d76a0de1eb2314467e8039c 2008.1/i586/libopensc2-0.11.3-2.1mdv2008.1.i586.rpm 25cbd704341f975c3608b2415f73876a 2008.1/i586/libopensc-devel-0.11.3-2.1mdv2008.1.i586.rpm afeb1a983ab5dc9175abe9a3d4d2a043 2008.1/i586/mozilla-plugin-opensc-0.11.3-2.1mdv2008.1.i586.rpm 2e4f8fbf6baf274e24d0d68713c20bb0 2008.1/i586/opensc-0.11.3-2.1mdv2008.1.i586.rpm 53c7c0bc38eb3210137ce329559705cf 2008.1/SRPMS/opensc-0.11.3-2.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 78655b07b2736207d38d165f695f5e72 2008.1/x86_64/lib64opensc2-0.11.3-2.1mdv2008.1.x86_64.rpm 55f4a5fe2db33ec43b74353b92b01c6d 2008.1/x86_64/lib64opensc-devel-0.11.3-2.1mdv2008.1.x86_64.rpm 70d7f144e01d25f79b622484db2ef0bd 2008.1/x86_64/mozilla-plugin-opensc-0.11.3-2.1mdv2008.1.x86_64.rpm 807e29fd2d0560f65eff7fff274aa5e2 2008.1/x86_64/opensc-0.11.3-2.1mdv2008.1.x86_64.rpm 53c7c0bc38eb3210137ce329559705cf 2008.1/SRPMS/opensc-0.11.3-2.1mdv2008.1.src.rpm Corporate 4.0: f429cd809bb72592a21b37921ef4c3a0 corporate/4.0/i586/libopensc2-0.10.1-2.1.20060mlcs4.i586.rpm f91cc391ac3c574701b27d65ff2f14eb corporate/4.0/i586/libopensc2-devel-0.10.1-2.1.20060mlcs4.i586.rpm 7eb7c1057b2c47306482d0afc1e6e859 corporate/4.0/i586/mozilla-plugin-opensc-0.10.1-2.1.20060mlcs4.i586.rpm 4c69219b2f389fe050df05985deecb86 corporate/4.0/i586/opensc-0.10.1-2.1.20060mlcs4.i586.rpm 8830d7341d49f9da956a907e21e9a7a0 corporate/4.0/SRPMS/opensc-0.10.1-2.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: d92325b44dbf5deb8cfcd0cbf4f59012 corporate/4.0/x86_64/lib64opensc2-0.10.1-2.1.20060mlcs4.x86_64.rpm 2944306bed9b725e7c0bc196416de3c2 corporate/4.0/x86_64/lib64opensc2-devel-0.10.1-2.1.20060mlcs4.x86_64.rpm 424b680dbde7f548b731ecc4bf8021fc corporate/4.0/x86_64/mozilla-plugin-opensc-0.10.1-2.1.20060mlcs4.x86_64.rpm 70c9f7f70ca3e6635c80608189a220e0 corporate/4.0/x86_64/opensc-0.10.1-2.1.20060mlcs4.x86_64.rpm 8830d7341d49f9da956a907e21e9a7a0 corporate/4.0/SRPMS/opensc-0.10.1-2.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIvX6MmqjQ0CJFipgRAoRWAKDJeFahAQ2AR414gjXP8O5e9kA+IQCdGkgV NXjfAeIK16LGCRR9/DHUvlU= =BPKk -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSC: Insufficient protection of smart card PIN Date: December 10, 2008 Bugs: #233543 ID: 200812-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Smart cards formatted using OpenSC do not sufficiently protect the PIN, allowing attackers to reset it. Background ========== OpenSC is a smart card application that allows reading and writing via PKCS#11. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSC users should upgrade to the latest version, and then check and update their smart cards: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.11.6" # pkcs15-tool --test-update # pkcs15-tool --test-update --update References ========== [ 1 ] CVE-2008-2235 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2235 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200812-09.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1627-2 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst August 31, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : opensc Vulnerability : programming error Problem type : local Debian-specific: no CVE Id(s) : CVE-2008-2235 The previous security update for opensc had a too strict check for vulnerable smart cards. It could flag cards as safe even though they may be affected. This update corrects that problem. We advise users of the smart cards concerned to re-check their card after updating the package, following the procedure outlined in the original advisory text below. Chaskiel M Grundman discovered that opensc, a library and utilities to handle smart cards, would initialise smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN. However it can not be used to figure out the PIN. If the PIN on your card is still the same you always had, there's a reasonable chance that this vulnerability has not been exploited. After upgrading the package, running pkcs15-tool -T will show you whether the card is fine or vulnerable. If the card is vulnerable, you need to update the security setting using: pkcs15-tool -T -U For the stable distribution (etch), this problem has been fixed in version 0.11.1-2etch2. For the unstable distribution (sid), this problem has been fixed in version 0.11.4-5. We recommend that you upgrade your opensc package and check your card(s) with the command described above. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1.orig.tar.gz Size/MD5 checksum: 1263611 94ce00a6bda38fac10ab06f5d5d1a8c3 http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2.diff.gz Size/MD5 checksum: 57088 9ce4247af885d39a5e76ac3e7e34f0e4 http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2.dsc Size/MD5 checksum: 780 33700596584c295d4f27a8f6b8d6df93 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_alpha.deb Size/MD5 checksum: 296964 e8ba9833e1d3c00bb4dafc08648faf6d http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_alpha.deb Size/MD5 checksum: 205002 7146068470dd3c5bbacae9f48751d8fb http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_alpha.deb Size/MD5 checksum: 1077872 1a1963d40c9a03ea0dc1453a27e873af http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_alpha.deb Size/MD5 checksum: 727634 58de552b33ff885aee0193de0534563e http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_alpha.deb Size/MD5 checksum: 508256 94ea135b646b89c6dac6defd2bc931ac amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_amd64.deb Size/MD5 checksum: 483304 a375efabe5edf419f4f1419ee085ddb1 http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_amd64.deb Size/MD5 checksum: 200004 84f28dc19675f1f8823b03151cbba47e http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_amd64.deb Size/MD5 checksum: 576968 fb1c4b415d1377ceac61661919cbebff http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_amd64.deb Size/MD5 checksum: 281180 c67f956ac36c4d65ec21ab91ba749866 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_amd64.deb Size/MD5 checksum: 1069138 ee204a5d9633f19d89347761b06aa21c arm architecture (ARM) http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_arm.deb Size/MD5 checksum: 1012086 fe7a7a2eaf19f7e83dd38991a5c5204b http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_arm.deb Size/MD5 checksum: 450916 95c8301ca36a08ca0521df8a25267689 http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_arm.deb Size/MD5 checksum: 269182 acc05dce62d94e247043ae804abac541 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_arm.deb Size/MD5 checksum: 529988 840e3aab09d7abde5b8060ceebf2dbd1 http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_arm.deb Size/MD5 checksum: 187988 13b7a94850732fd4d46f6cdf875ffb31 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_hppa.deb Size/MD5 checksum: 205576 a24fccd7e1772647d563a520b7417976 http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_hppa.deb Size/MD5 checksum: 512374 dc2ad0c4dc8df1b4058818cc65b0ec10 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_hppa.deb Size/MD5 checksum: 1036394 7f83a52f5917cd3fcdbacdbd5cb27ea2 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_hppa.deb Size/MD5 checksum: 624512 a66dd86f267fd09099501d5b3154782c http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_hppa.deb Size/MD5 checksum: 283434 a852d66ff8c4c271b37bbcc0a746dac0 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_i386.deb Size/MD5 checksum: 537992 3fec817bfea6d558f42d2c2e107ca8b3 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_i386.deb Size/MD5 checksum: 1019214 1ed6d07cb743c73042bab5151146b076 http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_i386.deb Size/MD5 checksum: 189454 445a4781859aef3414590f5e8481fdba http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_i386.deb Size/MD5 checksum: 269976 e2e5124e70bf580c221e137b50f8ba48 http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_i386.deb Size/MD5 checksum: 453582 288dfd7b6c042abed22f167dba7a1125 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_ia64.deb Size/MD5 checksum: 1062184 c561302cc8a65b1fe98c71ba013880db http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_ia64.deb Size/MD5 checksum: 354024 5899f17bbab07f5a00c0ec6a740b3756 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_ia64.deb Size/MD5 checksum: 769910 e49ff6a5f80122aff066f3b290af9b84 http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_ia64.deb Size/MD5 checksum: 620292 bb01c6292f364889da4225ba23cc78cb http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_ia64.deb Size/MD5 checksum: 206140 d34b648d6540c0d63b3fe581e1f9ac67 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_mips.deb Size/MD5 checksum: 458414 275ae6b9f162e0852091d0e7836ae16c http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_mips.deb Size/MD5 checksum: 195516 db0ce446bfb07303da80a9b8f274c1af http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_mips.deb Size/MD5 checksum: 283004 e8b63a99a79a2d9dd6f734c1a8aa7b0d http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_mips.deb Size/MD5 checksum: 1082506 14430ab357fed7616e4c186880752f4d http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_mips.deb Size/MD5 checksum: 632954 b9556af01375a44f195e048a616cf21a mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_mipsel.deb Size/MD5 checksum: 458378 3385aedc113e5593e349ebe4e6ba2098 http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_mipsel.deb Size/MD5 checksum: 284064 30e52ee872a4e8ccedee22bbdcbe3942 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_mipsel.deb Size/MD5 checksum: 629272 796fd245c3afcf85ebeb6bdc7a465d7b http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_mipsel.deb Size/MD5 checksum: 1060840 d500da50fe3a7aa346a12d9adb056c66 http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_mipsel.deb Size/MD5 checksum: 194570 20b4f260392f924ead7e4dcb236e450b powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_powerpc.deb Size/MD5 checksum: 599502 6bc486604c352ae1d6c34d17383166b4 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_powerpc.deb Size/MD5 checksum: 1084300 21bad9d0eb8ce4b8f1399e9cdc266d06 http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_powerpc.deb Size/MD5 checksum: 473780 b9816427fdd321db40b8b393f4edfe9f http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_powerpc.deb Size/MD5 checksum: 294664 0fa2e8c94c3039f3926df840d219a97c http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_powerpc.deb Size/MD5 checksum: 205094 c300b7771a01300bf18849a22d250f60 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_s390.deb Size/MD5 checksum: 217104 ff287b6aada1ff7552facbe6a71f317e http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_s390.deb Size/MD5 checksum: 279122 124aa0833b5fc7d75b5404383064ddf2 http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_s390.deb Size/MD5 checksum: 485506 3ea3f682d8a0edf18cd51318c3d6e2a1 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_s390.deb Size/MD5 checksum: 1050130 2de96bab485f9df0f88a87b945735fd7 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_s390.deb Size/MD5 checksum: 552728 b14d87c97023f843b3a73805b4a05ea5 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_sparc.deb Size/MD5 checksum: 193650 7902081b0d97cae8dfceb35d778d010e http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_sparc.deb Size/MD5 checksum: 967974 084cfb2ce4ca9edb655dd849fbb543d4 http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_sparc.deb Size/MD5 checksum: 544394 d7313b12e4fbe347ea4717af780d81f8 http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_sparc.deb Size/MD5 checksum: 268122 19dd2ba72b9a01b804ee0173b3cacafc http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_sparc.deb Size/MD5 checksum: 442356 8e613a8e25f046b3218d350f47a27919 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSLp0FWz0hbPcukPfAQJHJggAvxoTpcwKezudh39JK5kOs11Hghx2Guxl Cs+NP5Rgeq3bATRuHk9WFx4QaEwF1Znah3+9W5+WEiPYgWQ7/uMwqOMHovipVD/s wqAik8iAukhwWdt7nsZ7I3D6MsvMt/+dkXOrkxZwAli3MArf0lt+/5x0kLgaIteL Wz5moAIM/e7way/k66iajbcw4ltC+kSfneNHP/Mi/i16sz0aADcEBdxzxNygnR4C 6sd11hWmWa4qJ1dNw4gDm7M088Xv6UH3BcC0OoXgH0wxophj34Bf6yYWjCni9V16 EfGvYIuXrhBBN5J1tLJsFB4m6NfBNk09B8ndY5wSKggBUuNFGPEx2Q== =qNCp -----END PGP SIGNATURE-----

Trust: 2.43

sources: NVD: CVE-2008-2235 // JVNDB: JVNDB-2008-004449 // BID: 30473 // VULHUB: VHN-32360 // PACKETSTORM: 69539 // PACKETSTORM: 69577 // PACKETSTORM: 68794 // PACKETSTORM: 72834 // PACKETSTORM: 69541

AFFECTED PRODUCTS

vendor:	opensc	model:	opensc	scope:	eq	version:	0.11.4	Trust: 1.3
vendor:	opensc	model:	opensc	scope:	eq	version:	0.9.8	Trust: 1.0
vendor:	opensc	model:	opensc	scope:	eq	version:	0.9.6	Trust: 1.0
vendor:	opensc	model:	opensc	scope:	eq	version:	0.11.2	Trust: 1.0
vendor:	opensc	model:	opensc	scope:	eq	version:	0.3.5	Trust: 1.0
vendor:	opensc	model:	opensc	scope:	eq	version:	0.4.0	Trust: 1.0
vendor:	opensc	model:	opensc	scope:	eq	version:	0.6.1	Trust: 1.0
vendor:	opensc	model:	opensc	scope:	eq	version:	0.8.0.0	Trust: 1.0
vendor:	opensc	model:	opensc	scope:	eq	version:	0.9	Trust: 1.0
vendor:	opensc	model:	opensc	scope:	eq	version:	0.9.7	Trust: 1.0
vendor:	opensc	model:	opensc	scope:	eq	version:	0.11.1	Trust: 1.0
vendor:	opensc	model:	opensc	scope:	eq	version:	0.8	Trust: 1.0
vendor:	opensc	model:	opensc	scope:	eq	version:	0.11.3	Trust: 1.0
vendor:	opensc	model:	opensc	scope:	eq	version:	0.6.0	Trust: 1.0
vendor:	opensc	model:	opensc	scope:	eq	version:	0.7.0	Trust: 1.0
vendor:	opensc	model:	opensc	scope:	eq	version:	0.3.2	Trust: 1.0
vendor:	opensc	model:	opensc	scope:	eq	version:	0.8.1	Trust: 1.0
vendor:	opensc	model:	opensc	scope:	eq	version:	0.11.0	Trust: 1.0
vendor:	opensc team	model:	opensc	scope:	lt	version:	0.11.5	Trust: 0.8
vendor:	siemens	model:	cardos	scope:	eq	version:	m4	Trust: 0.6
vendor:	suse	model:	linux enterprise server sp2	scope:	eq	version:	10	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	11.0	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	10.3	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	10.2	Trust: 0.3
vendor:	pardus	model:	linux	scope:	eq	version:	20080	Trust: 0.3
vendor:	opensc	model:	opensc	scope:	eq	version:	0.11.5	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2008.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2008.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2008.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2008.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2007.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2007.1	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux mipsel	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux m68k	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux hppa	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux alpha	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux	scope:	eq	version:	4.0	Trust: 0.3
vendor:	opensc	model:	opensc	scope:	ne	version:	0.11.6	Trust: 0.3

sources: BID: 30473 // JVNDB: JVNDB-2008-004449 // CNNVD: CNNVD-200808-005 // NVD: CVE-2008-2235

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-2235
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2008-2235
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200808-005
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-32360
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2008-2235
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-32360
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-32360 // JVNDB: JVNDB-2008-004449 // CNNVD: CNNVD-200808-005 // NVD: CVE-2008-2235

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-32360 // JVNDB: JVNDB-2008-004449 // NVD: CVE-2008-2235

THREAT TYPE

local

Trust: 0.9

sources: BID: 30473 // CNNVD: CNNVD-200808-005

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-200808-005

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-004449

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-32360

PATCH

title:

OpenSC Security Vulnerability and new Versions of OpenSC, OpenCT, LibP11, Pam_P11, Engine_PKCS11

url:

http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html

Trust: 0.8

sources: JVNDB: JVNDB-2008-004449

EXTERNAL IDS

db:	NVD	id:	CVE-2008-2235	Trust: 3.3
db:	BID	id:	30473	Trust: 2.0
db:	SECUNIA	id:	31330	Trust: 1.8
db:	SECUNIA	id:	33115	Trust: 1.7
db:	SECUNIA	id:	32099	Trust: 1.7
db:	SECUNIA	id:	31360	Trust: 1.7
db:	SECUNIA	id:	34362	Trust: 1.7
db:	JVNDB	id:	JVNDB-2008-004449	Trust: 0.8
db:	SUSE	id:	SUSE-SR:2009:004	Trust: 0.6
db:	SUSE	id:	SUSE-SR:2008:019	Trust: 0.6
db:	DEBIAN	id:	DSA-1627	Trust: 0.6
db:	GENTOO	id:	GLSA-200812-09	Trust: 0.6
db:	MANDRIVA	id:	MDVSA-2008:183	Trust: 0.6
db:	MLIST	id:	[OPENSC-ANNOUNCE] 20080731 OPENSC SECURITY VULNERABILITY AND NEW VERSIONS OF OPENSC, OPENCT, LIBP11, PAM_P11, ENGINE_PKCS11	Trust: 0.6
db:	XF	id:	44140	Trust: 0.6
db:	FEDORA	id:	FEDORA-2009-2267	Trust: 0.6
db:	CNNVD	id:	CNNVD-200808-005	Trust: 0.6
db:	PACKETSTORM	id:	69539	Trust: 0.2
db:	PACKETSTORM	id:	68794	Trust: 0.2
db:	PACKETSTORM	id:	69577	Trust: 0.2
db:	PACKETSTORM	id:	69541	Trust: 0.2
db:	PACKETSTORM	id:	72834	Trust: 0.2
db:	VULHUB	id:	VHN-32360	Trust: 0.1

sources: VULHUB: VHN-32360 // BID: 30473 // JVNDB: JVNDB-2008-004449 // PACKETSTORM: 69539 // PACKETSTORM: 69577 // PACKETSTORM: 68794 // PACKETSTORM: 72834 // PACKETSTORM: 69541 // CNNVD: CNNVD-200808-005 // NVD: CVE-2008-2235

REFERENCES

url:	http://www.opensc-project.org/pipermail/opensc-announce/2008-july/000020.html	Trust: 2.1
url:	http://www.opensc-project.org/security.html	Trust: 1.8
url:	http://security.gentoo.org/glsa/glsa-200812-09.xml	Trust: 1.8
url:	http://secunia.com/advisories/31330	Trust: 1.8
url:	http://www.securityfocus.com/bid/30473	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-march/msg00686.html	Trust: 1.7
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2008:183	Trust: 1.7
url:	http://secunia.com/advisories/31360	Trust: 1.7
url:	http://secunia.com/advisories/32099	Trust: 1.7
url:	http://secunia.com/advisories/33115	Trust: 1.7
url:	http://secunia.com/advisories/34362	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html	Trust: 1.7
url:	https://www.debian.org/security/2008/dsa-1627	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/44140	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2235	Trust: 1.0
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2235	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/44140	Trust: 0.6
url:	http://lists.debian.org/debian-security-announce/2008/msg00212.html	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2008-2235	Trust: 0.5
url:	http://permalink.gmane.org/gmane.comp.security.oss.general/863	Trust: 0.4
url:	http://www.opensc-project.org/	Trust: 0.3
url:	http://www.debian.org/security/faq	Trust: 0.2
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1.orig.tar.gz	Trust: 0.2
url:	http://packages.debian.org/<pkg>	Trust: 0.2
url:	http://security.debian.org/	Trust: 0.2
url:	http://www.debian.org/security/	Trust: 0.2
url:	http://security.pardus.org.tr	Trust: 0.1
url:	http://secunia.com/	Trust: 0.1
url:	http://lists.grok.org.uk/full-disclosure-charter.html	Trust: 0.1
url:	http://bugs.pardus.org.tr/show_bug.cgi?id=8066	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-2235	Trust: 0.1
url:	http://www.mandriva.com/security/	Trust: 0.1
url:	http://www.mandriva.com/security/advisories	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_ia64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_ia64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_ia64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1.diff.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1.dsc	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_ia64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch1_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch1_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch1_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch1_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch1_ia64.deb	Trust: 0.1
url:	http://bugs.gentoo.org.	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2.diff.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_ia64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_ia64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_ia64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2.dsc	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_ia64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_ia64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_alpha.deb	Trust: 0.1

CREDITS

Chaskiel M Grundman

Trust: 0.9

sources: BID: 30473 // CNNVD: CNNVD-200808-005

SOURCES

db:	VULHUB	id:	VHN-32360
db:	BID	id:	30473
db:	JVNDB	id:	JVNDB-2008-004449
db:	PACKETSTORM	id:	69539
db:	PACKETSTORM	id:	69577
db:	PACKETSTORM	id:	68794
db:	PACKETSTORM	id:	72834
db:	PACKETSTORM	id:	69541
db:	CNNVD	id:	CNNVD-200808-005
db:	NVD	id:	CVE-2008-2235

LAST UPDATE DATE

2024-11-22T21:41:00.377000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-32360	date:	2017-08-08T00:00:00
db:	BID	id:	30473	date:	2015-04-13T21:59:00
db:	JVNDB	id:	JVNDB-2008-004449	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200808-005	date:	2009-03-25T00:00:00
db:	NVD	id:	CVE-2008-2235	date:	2017-08-08T01:30:52.823

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-32360	date:	2008-08-01T00:00:00
db:	BID	id:	30473	date:	2008-07-31T00:00:00
db:	JVNDB	id:	JVNDB-2008-004449	date:	2012-09-25T00:00:00
db:	PACKETSTORM	id:	69539	date:	2008-08-31T23:50:00
db:	PACKETSTORM	id:	69577	date:	2008-09-03T04:01:05
db:	PACKETSTORM	id:	68794	date:	2008-08-04T21:25:05
db:	PACKETSTORM	id:	72834	date:	2008-12-10T17:05:17
db:	PACKETSTORM	id:	69541	date:	2008-08-31T23:53:00
db:	CNNVD	id:	CNNVD-200808-005	date:	2008-08-01T00:00:00
db:	NVD	id:	CVE-2008-2235	date:	2008-08-01T14:41:00