CVE-2008-2235 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2008-2235 Interim 1 25 2025-11-05T06:14:35Z current 2021-05-30T12:42:41Z 2025-11-05T06:14:35Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2008-2235 OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4QRTQOTTCY25HZ4CKOKWXP47HH662BPH/#4QRTQOTTCY25HZ4CKOKWXP47HH662BPH E-Mail link for SUSE-SR:2008:019 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BPPEFMFC7GCUUZ5CIPX7VFYKXZCRGT5N/#BPPEFMFC7GCUUZ5CIPX7VFYKXZCRGT5N E-Mail link for SUSE-SR:2009:004 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 15-ESPOS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Micro 6.0 SUSE Linux Micro 6.1 openSUSE Tumbleweed libopensc2-0.11.6-5.25.1 libopensc2-0.11.6-5.27.1 libopensc2-32bit-0.11.6-5.25.1 libopensc2-32bit-0.11.6-5.27.1 libopensc2-x86-0.11.6-5.25.1 libopensc2-x86-0.11.6-5.27.1 opensc opensc-0.11.6-5.25.1 opensc-0.11.6-5.27.1 opensc-0.21.0-2.2 opensc-0.24.0-2.1 opensc-0.24.0-slfo.1.1_1.2 opensc-0.26.1-160000.2.2 opensc-32bit-0.11.6-5.25.1 opensc-32bit-0.11.6-5.27.1 opensc-32bit-0.21.0-2.2 opensc-devel-0.11.6-5.27.1 opensc-x86-0.11.6-5.25.1 opensc-x86-0.11.6-5.27.1 libopensc2-0.11.6-5.25.1 as a component of SUSE Linux Enterprise Server 11 SP1 libopensc2-32bit-0.11.6-5.25.1 as a component of SUSE Linux Enterprise Server 11 SP1 libopensc2-x86-0.11.6-5.25.1 as a component of SUSE Linux Enterprise Server 11 SP1 opensc-0.11.6-5.25.1 as a component of SUSE Linux Enterprise Server 11 SP1 opensc-32bit-0.11.6-5.25.1 as a component of SUSE Linux Enterprise Server 11 SP1 opensc-x86-0.11.6-5.25.1 as a component of SUSE Linux Enterprise Server 11 SP1 libopensc2-0.11.6-5.27.1 as a component of SUSE Linux Enterprise Server 11 SP2 libopensc2-32bit-0.11.6-5.27.1 as a component of SUSE Linux Enterprise Server 11 SP2 libopensc2-x86-0.11.6-5.27.1 as a component of SUSE Linux Enterprise Server 11 SP2 opensc-0.11.6-5.27.1 as a component of SUSE Linux Enterprise Server 11 SP2 opensc-32bit-0.11.6-5.27.1 as a component of SUSE Linux Enterprise Server 11 SP2 opensc-x86-0.11.6-5.27.1 as a component of SUSE Linux Enterprise Server 11 SP2 libopensc2-0.11.6-5.27.1 as a component of SUSE Linux Enterprise Server 11 SP3 libopensc2-32bit-0.11.6-5.27.1 as a component of SUSE Linux Enterprise Server 11 SP3 libopensc2-x86-0.11.6-5.27.1 as a component of SUSE Linux Enterprise Server 11 SP3 opensc-0.11.6-5.27.1 as a component of SUSE Linux Enterprise Server 11 SP3 opensc-32bit-0.11.6-5.27.1 as a component of SUSE Linux Enterprise Server 11 SP3 opensc-x86-0.11.6-5.27.1 as a component of SUSE Linux Enterprise Server 11 SP3 libopensc2-0.11.6-5.27.1 as a component of SUSE Linux Enterprise Server 11 SP4 libopensc2-32bit-0.11.6-5.27.1 as a component of SUSE Linux Enterprise Server 11 SP4 libopensc2-x86-0.11.6-5.27.1 as a component of SUSE Linux Enterprise Server 11 SP4 opensc-0.11.6-5.27.1 as a component of SUSE Linux Enterprise Server 11 SP4 opensc-32bit-0.11.6-5.27.1 as a component of SUSE Linux Enterprise Server 11 SP4 opensc-x86-0.11.6-5.27.1 as a component of SUSE Linux Enterprise Server 11 SP4 opensc-0.26.1-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 opensc-devel-0.11.6-5.27.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 opensc-0.24.0-2.1 as a component of SUSE Linux Micro 6.0 opensc-0.24.0-slfo.1.1_1.2 as a component of SUSE Linux Micro 6.1 opensc-0.21.0-2.2 as a component of openSUSE Tumbleweed opensc-32bit-0.21.0-2.2 as a component of openSUSE Tumbleweed opensc as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS opensc as a component of SUSE Linux Enterprise Server 15-ESPOS opensc as a component of SUSE Linux Enterprise Server 15-LTSS opensc as a component of SUSE Linux Enterprise Server for SAP Applications 15 OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN. CVE-2008-2235 SUSE Linux Enterprise Server 11 SP1:libopensc2-0.11.6-5.25.1 SUSE Linux Enterprise Server 11 SP1:libopensc2-32bit-0.11.6-5.25.1 SUSE Linux Enterprise Server 11 SP1:libopensc2-x86-0.11.6-5.25.1 SUSE Linux Enterprise Server 11 SP1:opensc-0.11.6-5.25.1 SUSE Linux Enterprise Server 11 SP1:opensc-32bit-0.11.6-5.25.1 SUSE Linux Enterprise Server 11 SP1:opensc-x86-0.11.6-5.25.1 SUSE Linux Enterprise Server 11 SP2:libopensc2-0.11.6-5.27.1 SUSE Linux Enterprise Server 11 SP2:libopensc2-32bit-0.11.6-5.27.1 SUSE Linux Enterprise Server 11 SP2:libopensc2-x86-0.11.6-5.27.1 SUSE Linux Enterprise Server 11 SP2:opensc-0.11.6-5.27.1 SUSE Linux Enterprise Server 11 SP2:opensc-32bit-0.11.6-5.27.1 SUSE Linux Enterprise Server 11 SP2:opensc-x86-0.11.6-5.27.1 SUSE Linux Enterprise Server 11 SP3:libopensc2-0.11.6-5.27.1 SUSE Linux Enterprise Server 11 SP3:libopensc2-32bit-0.11.6-5.27.1 SUSE Linux Enterprise Server 11 SP3:libopensc2-x86-0.11.6-5.27.1 SUSE Linux Enterprise Server 11 SP3:opensc-0.11.6-5.27.1 SUSE Linux Enterprise Server 11 SP3:opensc-32bit-0.11.6-5.27.1 SUSE Linux Enterprise Server 11 SP3:opensc-x86-0.11.6-5.27.1 SUSE Linux Enterprise Server 11 SP4:libopensc2-0.11.6-5.27.1 SUSE Linux Enterprise Server 11 SP4:libopensc2-32bit-0.11.6-5.27.1 SUSE Linux Enterprise Server 11 SP4:libopensc2-x86-0.11.6-5.27.1 SUSE Linux Enterprise Server 11 SP4:opensc-0.11.6-5.27.1 SUSE Linux Enterprise Server 11 SP4:opensc-32bit-0.11.6-5.27.1 SUSE Linux Enterprise Server 11 SP4:opensc-x86-0.11.6-5.27.1 SUSE Linux Enterprise Server 16.0:opensc-0.26.1-160000.2.2 SUSE Linux Enterprise Software Development Kit 11 SP4:opensc-devel-0.11.6-5.27.1 SUSE Linux Micro 6.0:opensc-0.24.0-2.1 SUSE Linux Micro 6.1:opensc-0.24.0-slfo.1.1_1.2 openSUSE Tumbleweed:opensc-0.21.0-2.2 openSUSE Tumbleweed:opensc-32bit-0.21.0-2.2 SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc SUSE Linux Enterprise Server 15-ESPOS:opensc SUSE Linux Enterprise Server 15-LTSS:opensc SUSE Linux Enterprise Server for SAP Applications 15:opensc moderate 4.9 AV:L/AC:L/Au:N/C:N/I:C/A:N