Le 22/12/2010 00:08, Michael Gilbert a écrit :
an advisory has been issued for the pcsc-lite ccid driver:
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf
CVE Request
http://www.openwall.com/lists/oss-security/2010/12/22/7
Date: Wed, 22 Dec 2010 13:55:08 +0100
From: Jan Lieskovsky <[email protected]>
To: "Steven M. Christey" <[email protected]>
CC: oss-security <[email protected]>,
Robert Relyea <[email protected]>
Subject: CVE Request -- 1, ccid -- int.overflow leading to array index error
2, pcsc-lite stack-based buffer overflow in ATR decoder [was:
CVE request: opensc buffer overflow ]
Hello Josh, Steve, vendors,
Rafael Dominguez Vega of MWR InfoSecurity reported two more flaws
related with smart cards:
I), CCID: Integer overflow, leading to array index error when
processing crafted serial number of certain cards
Description:
An integer overflow, leading to array index error was found
in the way USB CCID (Chip/Smart Card Interface Devices) driver
processed certain values of card serial number. A local attacker
could use this flaw to execute arbitrary code, with the privileges
of the user running the pcscd daemon, via a malicious smart card
with specially-crafted value of its serial number, inserted to
the system USB port.
References:
[1]
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607780
[3] https://bugzilla.redhat.com/show_bug.cgi?id=664986
Upstream changesets:
[4]
http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004934.html
[5]
http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004935.html
--
Dr. Ludovic Rousseau
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
