Pardus Linux Security Advisory 2008-33
       Date: 2008-08-31
   Severity: 2
       Type: Remote


[UPDATE]: The last security update with OpenSC 0.11.5 had a small glitch
caused by a strict check; this version fixes that issue.

A security issue has been reported in OpenSC, which can be exploited by
malicious people to bypass certain security restrictions.


The security issue is caused by the application improperly setting the
ADMIN file control information to "00" while initializing smart cards
that run the Siemens CardOS M4 operating system. This can be exploited
to change a user PIN code without having the PIN or PUK if the smart
card was initialized with OpenSC.

Affected packages:

   Pardus 2008:
     opensc, all before 0.11.6-7-2


An update is available for opensc. You can install it via Package Manager
or with a single command from the console:

     pisi up opensc


   * http://bugs.pardus.org.tr/show_bug.cgi?id=8066
   * http://permalink.gmane.org/gmane.comp.security.oss.general/863
   * http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2235
   * http://secunia.com/advisories/31330


Pınar Yanardağ
Pardus Security Team
