Package name
opensc
Date
2008-09-02
Advisory ID
MDVSA-2008:183
Affected versions
2008.0 i586, 2007.1 i586, CS4.0 i586, 2008.0 x86_64, CS4.0 x86_64, 2008.1 x86_64, 2008.1 i586, 2007.1 x86_64

Problem description

Chaskiel M Grundman found that OpenSC initialized smart cards running
the Siemens CardOS M4 card operating system without proper access
rights. This allowed anyone to change the card's PIN without first
having the PIN or PUK, or the superuser's PIN or PUK (CVE-2008-2235).

Please note that this issue cannot be used to discover the PIN on
a card. If the PIN on a card is still the one that was always there,
it is unlikely that this vulnerability has been exploited. In addition,
this issue affects only smart cards and USB crypto tokens based on
Siemens CardOS M4, and then only those devices that were initialized
by OpenSC. Users of other smart cards or USB crypto tokens, or cards
that were not initialized by OpenSC, are not affected.

After applying the update, executing 'pkcs15-tool -T' will indicate
whether the card is fine or vulnerable. If the card is vulnerable, the
security settings need to be updated by executing 'pkcs15-tool -T -U'.

The updated packages have been patched to prevent this issue.

Updated packages

2008.0 i586

 4ce42db0e198b6ce9c9287594ee3fafd  2008.0/i586/libopensc2-0.11.3-2.1mdv2008.0.i586.rpm
 70546abd01b00bab812fa6fea4ae4d16  2008.0/i586/libopensc-devel-0.11.3-2.1mdv2008.0.i586.rpm
 eba548b0a0547b26056233f5e8ca6adb  2008.0/i586/mozilla-plugin-opensc-0.11.3-2.1mdv2008.0.i586.rpm
 7220fd9c1e95158f787cc8369826ec32  2008.0/i586/opensc-0.11.3-2.1mdv2008.0.i586.rpm 
 ce97f832256d12037e51bafb9d70e5ef  2008.0/SRPMS/opensc-0.11.3-2.1mdv2008.0.src.rpm

2007.1 i586

 77f7d7afda2b14397fd49eb9a40fe277  2007.1/i586/libopensc2-0.11.1-3.1mdv2007.1.i586.rpm
 63ac5b681a7c32ff5fa5a19eaacd99c4  2007.1/i586/libopensc2-devel-0.11.1-3.1mdv2007.1.i586.rpm
 70e9d0aa9fd4ee98e44acb640cca7334  2007.1/i586/mozilla-plugin-opensc-0.11.1-3.1mdv2007.1.i586.rpm
 9990fd668eb0db7a2c3a067663935e6c  2007.1/i586/opensc-0.11.1-3.1mdv2007.1.i586.rpm 
 2ef9d3fd31d521b775f36480608f5494  2007.1/SRPMS/opensc-0.11.1-3.1mdv2007.1.src.rpm

CS4.0 i586

 f429cd809bb72592a21b37921ef4c3a0  corporate/4.0/i586/libopensc2-0.10.1-2.1.20060mlcs4.i586.rpm
 f91cc391ac3c574701b27d65ff2f14eb  corporate/4.0/i586/libopensc2-devel-0.10.1-2.1.20060mlcs4.i586.rpm
 7eb7c1057b2c47306482d0afc1e6e859  corporate/4.0/i586/mozilla-plugin-opensc-0.10.1-2.1.20060mlcs4.i586.rpm
 4c69219b2f389fe050df05985deecb86  corporate/4.0/i586/opensc-0.10.1-2.1.20060mlcs4.i586.rpm 
 8830d7341d49f9da956a907e21e9a7a0  corporate/4.0/SRPMS/opensc-0.10.1-2.1.20060mlcs4.src.rpm

2008.0 x86_64

 5378764b2b2d3cd848ac0ac542287b94  2008.0/x86_64/lib64opensc2-0.11.3-2.1mdv2008.0.x86_64.rpm
 a6dbaabff7dbd6cabc1202a334c663b2  2008.0/x86_64/lib64opensc-devel-0.11.3-2.1mdv2008.0.x86_64.rpm
 f3b2891c740068fa7f328690f8a53c0a  2008.0/x86_64/mozilla-plugin-opensc-0.11.3-2.1mdv2008.0.x86_64.rpm
 9ad409a7e667a9bc7c448ad207ce2afd  2008.0/x86_64/opensc-0.11.3-2.1mdv2008.0.x86_64.rpm 
 ce97f832256d12037e51bafb9d70e5ef  2008.0/SRPMS/opensc-0.11.3-2.1mdv2008.0.src.rpm

CS4.0 x86_64

 d92325b44dbf5deb8cfcd0cbf4f59012  corporate/4.0/x86_64/lib64opensc2-0.10.1-2.1.20060mlcs4.x86_64.rpm
 2944306bed9b725e7c0bc196416de3c2  corporate/4.0/x86_64/lib64opensc2-devel-0.10.1-2.1.20060mlcs4.x86_64.rpm
 424b680dbde7f548b731ecc4bf8021fc  corporate/4.0/x86_64/mozilla-plugin-opensc-0.10.1-2.1.20060mlcs4.x86_64.rpm
 70c9f7f70ca3e6635c80608189a220e0  corporate/4.0/x86_64/opensc-0.10.1-2.1.20060mlcs4.x86_64.rpm 
 8830d7341d49f9da956a907e21e9a7a0  corporate/4.0/SRPMS/opensc-0.10.1-2.1.20060mlcs4.src.rpm

2008.1 x86_64

 78655b07b2736207d38d165f695f5e72  2008.1/x86_64/lib64opensc2-0.11.3-2.1mdv2008.1.x86_64.rpm
 55f4a5fe2db33ec43b74353b92b01c6d  2008.1/x86_64/lib64opensc-devel-0.11.3-2.1mdv2008.1.x86_64.rpm
 70d7f144e01d25f79b622484db2ef0bd  2008.1/x86_64/mozilla-plugin-opensc-0.11.3-2.1mdv2008.1.x86_64.rpm
 807e29fd2d0560f65eff7fff274aa5e2  2008.1/x86_64/opensc-0.11.3-2.1mdv2008.1.x86_64.rpm 
 53c7c0bc38eb3210137ce329559705cf  2008.1/SRPMS/opensc-0.11.3-2.1mdv2008.1.src.rpm

2008.1 i586

 d2f1aecf3d76a0de1eb2314467e8039c  2008.1/i586/libopensc2-0.11.3-2.1mdv2008.1.i586.rpm
 25cbd704341f975c3608b2415f73876a  2008.1/i586/libopensc-devel-0.11.3-2.1mdv2008.1.i586.rpm
 afeb1a983ab5dc9175abe9a3d4d2a043  2008.1/i586/mozilla-plugin-opensc-0.11.3-2.1mdv2008.1.i586.rpm
 2e4f8fbf6baf274e24d0d68713c20bb0  2008.1/i586/opensc-0.11.3-2.1mdv2008.1.i586.rpm 
 53c7c0bc38eb3210137ce329559705cf  2008.1/SRPMS/opensc-0.11.3-2.1mdv2008.1.src.rpm

2007.1 x86_64

 7ff78a629ff3fc4ebae26081445476b5  2007.1/x86_64/lib64opensc2-0.11.1-3.1mdv2007.1.x86_64.rpm
 d782522d41b4c9c3740d6d3917560a9f  2007.1/x86_64/lib64opensc2-devel-0.11.1-3.1mdv2007.1.x86_64.rpm
 6e7cc1f3c8dd8485a182704d64a59c8b  2007.1/x86_64/mozilla-plugin-opensc-0.11.1-3.1mdv2007.1.x86_64.rpm
 9337e42a69c15124642ed8f9756fd3c2  2007.1/x86_64/opensc-0.11.1-3.1mdv2007.1.x86_64.rpm 
 2ef9d3fd31d521b775f36480608f5494  2007.1/SRPMS/opensc-0.11.1-3.1mdv2007.1.src.rpm

References