On 23/12/2010 18:14, Michael Gilbert wrote:
> On Wed, 22 Dec 2010 18:51:33 +0100, Ludovic Rousseau wrote:
>> To trigger the bug the attacker needs to connect a serial reader to the
>> host. And then needs to have physical access to the computer.
>>
>> To enable the serial reader the attacker needs to edit the file
>> /etc/reader.conf and configure the use of the connected serial reader.
>> So the attacker must have root access to trigger the buffer overflow.
>
> An administrator making use of a serial card reader is likely to have
> done this prior to the attacker having access to the reader.

Right.

>> I downgrade the severity to important. I don't think I will fix the bug
>> for squeeze.
>
> I don't want to blow things out of proportion, but these bugs
> completely violate the security model that is intended by card readers.
> So even though the exploit is difficult and requires local access, it is
> a real issue and really needs to be fixed.
>
> I don't want to play bts ping pong, but this really should be fixed for
> squeeze (making it RC).  I suggest re-raising severity, and I will apply
> the patches myself (since they're rather modest) if you aren't willing
> to do so yourself. I'll also do an SPU for lenny.

OK, go for the RC severity and NMU. I can't do the upload now myself.

The upstream corrective patches are in SVN revision 5381 and 5382.

http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004934.html
http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004935.html

Thanks

--
 Dr. Ludovic Rousseau


