Debian: New opensc packages fix smart card vulnerability

    Date: 04 Aug 2008
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Chaskiel M Grundman discovered that opensc, a library and utilities to handle smart cards, would initialise smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN.
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-1627-1
    http://www.debian.org/security/                          Thijs Kinkhorst
    August 04, 2008                       http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : opensc
    Vulnerability  : programming error
    Problem type   : local
    Debian-specific: no
    CVE Id(s)      : CVE-2008-2235
    
    Chaskiel M Grundman discovered that opensc, a library and utilities to
    handle smart cards, would initialise smart cards with the Siemens CardOS M4
    card operating system without proper access rights. This allowed everyone
    to change the card's PIN.
    
    With this bug anyone can change a user PIN without having the PIN or PUK
    or the superuser's PIN or PUK. However, it cannot be used to figure out
    the PIN. If the PIN on your card is still the same one you have always
    had, there's a reasonable chance that this vulnerability has not been
    exploited.
    
    This vulnerability affects only smart cards and USB crypto tokens based on
    Siemens CardOS M4, and within that group only those that were initialised
    with OpenSC. Users of other smart cards and USB crypto tokens, or cards
    that have been initialised with some software other than OpenSC, are not
    affected.
    
    After upgrading the package, running
        pkcs15-tool -T
    will show you whether the card is fine or vulnerable. If the card is
    vulnerable, you need to update the security setting using:
        pkcs15-tool -T -U
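
The check-then-fix sequence above, as an added shell example that is not part of the advisory: it confirms the installed opensc is at the fixed version the advisory lists before running the card test. The function names, the suite argument and the reliance on dpkg are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from DSA-1627-1. Assumes a Debian system with dpkg;
# the fixed versions below are the ones the advisory states.

# Fixed opensc version for a distribution, as listed in the advisory.
fixed_version_for() {
    case "$1" in
        etch) echo "0.11.1-2etch1" ;;
        sid)  echo "0.11.4-4" ;;
        *)    return 1 ;;
    esac
}

# Succeeds if installed version $1 is at or above fixed version $2,
# compared with Debian's own version ordering (so "2" < "2etch1").
opensc_is_fixed() {
    dpkg --compare-versions "$1" ge "$2"
}

# Verify the package is upgraded, then run the card test from the advisory.
check_card() {
    suite="$1"
    fixed=$(fixed_version_for "$suite") || {
        echo "unknown suite: $suite" >&2; return 2; }
    installed=$(dpkg-query -W -f='${Version}' opensc 2>/dev/null)
    if [ -z "$installed" ]; then
        echo "opensc is not installed" >&2
        return 2
    fi
    if ! opensc_is_fixed "$installed" "$fixed"; then
        echo "opensc $installed is older than $fixed: upgrade first" >&2
        return 1
    fi
    # Per the advisory, -T shows whether the card is fine or vulnerable.
    pkcs15-tool -T
    echo "If the card is reported vulnerable, run: pkcs15-tool -T -U"
}

# Runs only when a suite name is given, e.g.: sh check-opensc.sh etch
if [ $# -ge 1 ]; then
    check_card "$1"
fi
```

The script never runs `pkcs15-tool -T -U` itself, so changing the card's security setting stays a deliberate operator step for each card.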
    
    For the stable distribution (etch), this problem has been fixed in
    version 0.11.1-2etch1.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 0.11.4-4.
    
    We recommend that you upgrade your opensc 0.11.1-2etch1 package and check
    your card(s) with the command described above.
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    -------------------------------
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main