CVE-2008-3972 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2008-3972 Interim 1 9 2023-12-09T02:08:21Z current 2021-05-30T12:43:49Z 2023-12-09T02:08:21Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2008-3972 pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4QRTQOTTCY25HZ4CKOKWXP47HH662BPH/#4QRTQOTTCY25HZ4CKOKWXP47HH662BPH E-Mail link for SUSE-SR:2008:019 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-ESPOS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 opensc opensc as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS opensc as a component of SUSE Linux Enterprise Server 15-ESPOS opensc as a component of SUSE Linux Enterprise Server 15-LTSS opensc as a component of SUSE Linux Enterprise Server for SAP Applications 15 pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235. CVE-2008-3972 SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc SUSE Linux Enterprise Server 15-ESPOS:opensc SUSE Linux Enterprise Server 15-LTSS:opensc SUSE Linux Enterprise Server for SAP Applications 15:opensc moderate 6.6 AV:L/AC:L/Au:N/C:N/I:C/A:C