Jump to content

Advisories MDVSA-2010:189-1: pcsc-lite


paul
 Share

Recommended Posts

Multiple vulnerabilities has been found and corrected in pcsc-lite:

 

The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart

Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow

local users to cause a denial of service (daemon crash) via crafted

SCARD_SET_ATTRIB message data, which is improperly demarshalled

and triggers a buffer over-read, a related issue to CVE-2010-0407

(CVE-2009-4901).

 

Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c

in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4

and earlier might allow local users to gain privileges via crafted

SCARD_CONTROL message data, which is improperly demarshalled. NOTE:

this vulnerability exists because of an incorrect fix for CVE-2010-0407

(CVE-2009-4902).

 

Multiple buffer overflows in the MSGFunctionDemarshall function in

winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE

PCSC-Lite before 1.5.4 allow local users to gain privileges via

crafted message data, which is improperly demarshalled (CVE-2010-0407).

 

Packages for 2008.0 and 2009.0 are provided as of the Extended

Maintenance Program. Please visit this link to learn more:

http://store.mandriva.com/product_info.php?cPath=149&products_id=490

 

The updated packages have been patched to correct these issues.

 

Update:

 

The previous MDVSA-2010:189 advisory was missing the packages for CS4,

this advisory corrects the problem.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...