LinuxSecurity.com: Chaskiel M Grundman found that OpenSC would initialize smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN without first having the PIN or PUK, or the superuser's PIN or PUK (CVE-2008-2235).
OPENSC-TOOL(1) OpenSC tools OPENSC-TOOL(1)NAME
opensc-tool - generic smart card utility
SYNOPSIS
opensc-tool [OPTIONS]
DESCRIPTION
The opensc-tool utility can be used from the command line to perform miscellaneous smart card operations such as getting the card ATR or
sending arbitrary APDU commands to a card.
OPTIONS --info, -i
Print information about OpenSC, such as version and enabled components
--atr, -a
Print the Answer To Reset (ATR) of the card, output is in hex byte format
--name, -n
Print the name of the inserted card (driver)
--serial
Print the card serial number (normally the ICCSN), output is in hex byte format
--send-apdu apdu, -s apdu
Sends an arbitrary APDU to the card in the format AA:BB:CC:DD:EE:FF...
--list-files, -f
Recursively lists all files stored on card
--list-readers, -l
Lists all configured readers
--list-drivers, -D
Lists all installed card drivers
--reader num, -r num
Use the given reader number. The default is 0, the first reader in the system.
--card-driver driver, -c driver
Use the given card driver. The default is auto-detected.
--wait, -w
Wait for a card to be inserted
--verbose, -v
Causes opensc-tool to be more verbose. Specify this flag several times to enable debug output in the opensc library.
SEE ALSO opensc-explorer(1)opensc 06/03/2012 OPENSC-TOOL(1)