Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1627-2] New opensc package fix incomplete check (1/2)

From Thijs Kinkhorst@1:229/2 to All on Sun Aug 31 12:40:07 2008

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1627-2 [email protected] http://www.debian.org/security/ Thijs Kinkhorst
August 31, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : opensc
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-2235

The previous security update for opensc had a too strict check for
vulnerable smart cards. It could flag cards as safe even though they may
be affected. This update corrects that problem. We advise users of the
smart cards concerned to re-check their card after updating the package, following the procedure outlined in the original advisory text below.

Chaskiel M Grundman discovered that opensc, a library and utilities to
handle smart cards, would initialise smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone
to change the card's PIN.

With this bug anyone can change a user PIN without having the PIN or PUK
or the superusers PIN or PUK. However it can not be used to figure out the
PIN. If the PIN on your card is still the same you always had, there's a reasonable chance that this vulnerability has not been exploited.

This vulnerability affects only smart cards and USB crypto tokens based on Siemens CardOS M4, and within that group only those that were initialised
with OpenSC. Users of other smart cards and USB crypto tokens, or cards
that have been initialised with some software other than OpenSC, are not affected.

After upgrading the package, running
pkcs15-tool -T
will show you whether the card is fine or vulnerable. If the card is vulnerable, you need to update the security setting using:
pkcs15-tool -T -U

For the stable distribution (etch), this problem has been fixed in
version 0.11.1-2etch2.

For the unstable distribution (sid), this problem has been fixed in
version 0.11.4-5.

We recommend that you upgrade your opensc package and check your card(s)
with the command described above.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1.orig.tar.gz
Size/MD5 checksum: 1263611 94ce00a6bda38fac10ab06f5d5d1a8c3
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2.diff.gz
Size/MD5 checksum: 57088 9ce4247af885d39a5e76ac3e7e34f0e4
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2.dsc
Size/MD5 checksum: 780 33700596584c295d4f27a8f6b8d6df93

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_alpha.deb
Size/MD5 checksum: 296964 e8ba9833e1d3c00bb4dafc08648faf6d
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_alpha.deb
Size/MD5 checksum: 205002 7146068470dd3c5bbacae9f48751d8fb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_alpha.deb
Size/MD5 checksum: 1077872 1a1963d40c9a03ea0dc1453a27e873af
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_alpha.deb
Size/MD5 checksum: 727634 58de552b33ff885aee0193de0534563e
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_alpha.deb
Size/MD5 checksum: 508256 94ea135b646b89c6dac6defd2bc931ac

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_amd64.deb
Size/MD5 checksum: 483304 a375efabe5edf419f4f1419ee085ddb1
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_amd64.deb
Size/MD5 checksum: 200004 84f28dc19675f1f8823b03151cbba47e
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_amd64.deb
Size/MD5 checksum: 576968 fb1c4b415d1377ceac61661919cbebff
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_amd64.deb
Size/MD5 checksum: 281180 c67f956ac36c4d65ec21ab91ba749866
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_amd64.deb
Size/MD5 checksum: 1069138 ee204a5d9633f19d89347761b06aa21c

arm architecture (ARM)

http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_arm.deb
Size/MD5 checksum: 1012086 fe7a7a2eaf19f7e83dd38991a5c5204b
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_arm.deb
Size/MD5 checksum: 450916 95c8301ca36a08ca0521df8a25267689
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_arm.deb
Size/MD5 checksum: 269182 acc05dce62d94e247043ae804abac541
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_arm.deb
Size/MD5 checksum: 529988 840e3aab09d7abde5b8060ceebf2dbd1
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_arm.deb
Size/MD5 checksum: 187988 13b7a94850732fd4d46f6cdf875ffb31

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_hppa.deb
Size/MD5 checksum: 205576 a24fccd7e1772647d563a520b7417976
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_hppa.deb
Size/MD5 checksum: 512374 dc2ad0c4dc8df1b4058818cc65b0ec10
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_hppa.deb
Size/MD5 checksum: 1036394 7f83a52f5917cd3fcdbacdbd5cb27ea2
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_hppa.deb
Size/MD5 checksum: 624512 a66dd86f267fd09099501d5b3154782c
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_hppa.deb
Size/MD5 checksum: 283434 a852d66ff8c4c271b37bbcc0a746dac0

i386 architecture (Intel ia32)

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Ab Cadd
  Sat Jun 6 15:42:53 2026
  from Sheboygan, Wi via Telnet
- Centurion
  Sat Jun 6 15:32:28 2026
  from Berea, Ohio via Telnet
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Fri Jun 5 17:52:51 2026
  from Sheboygan, Wi via Telnet
- Gwylbert
  Fri Jun 5 06:28:52 2026
  from Sydney, Nsw via Telnet
- Centurion
  Thu Jun 4 23:42:23 2026
  from Berea, Ohio via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	146:56:46
Calls:	12,091
Calls today:	4
Files:	15,000
Messages:	6,517,518

[SECURITY] [DSA 1627-2] New opensc package fix incomplete check (1/2)

Who's Online

Recent Visitors

System Info