
Pardus alert 2011-22 (ccid)

From:  Meltem Parmaksız <meltem@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2011-22] CCID: Integer Overflow
Date:  Wed, 2 Feb 2011 00:29:17 +0200
Message-ID:  <201102020029.17769.meltem@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-22            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-02-02
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

A flaw was fixed in ccid, which could be exploited by physically
proximate attackers to execute arbitrary code.

Description
===========

Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card
Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and
possibly other products, allows physically proximate attackers to
execute arbitrary code via a smart card with a crafted serial number
that causes a negative value to be used in a memcpy operation, which
triggers a buffer overflow. NOTE: some sources refer to this issue as an
integer overflow.

Affected packages:

  Pardus 2009:
    ccid, all before 1.3.11-5-4

Resolution
==========

There are update(s) for ccid. You can update them via Package Manager or
with a single command from console:

    pisi up ccid

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=15805
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...

------------------------------------------------------------------------

_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
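The signedness pattern named in the description, as an added C illustration that is not part of the advisory and is not ccid's source code. The record layout, `SERIAL_MAX`, the sample records and all function names are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SERIAL_MAX 16 /* constructed limit, not a value from ccid */

/* Constructed records: byte 0 is the length, the serial bytes follow. */
static const unsigned char REC_OK[]  = { 4,    'A', 'B', '1', '2' };
static const unsigned char REC_BAD[] = { 0xF0, 'A', 'B', '1', '2' };
static char out[SERIAL_MAX + 1];

/* Bug pattern: a device-supplied length byte read through a signed type,
 * so 0x80..0xFF become negative (0xF0 -> -16 on two's-complement targets). */
int parse_len_signed(const unsigned char *rec) { return (signed char)rec[0]; }

/* Weak check: only an upper bound, so every negative length passes. */
int weak_len_check(int len) { return len <= SERIAL_MAX; }

/* The size memcpy would see: int -> size_t wraps a negative value to a
 * huge unsigned count, far larger than any destination buffer. */
size_t as_memcpy_size(int len) { return (size_t)len; }

/* Hardened copy: reject negative and oversized lengths before copying.
 * dst must hold SERIAL_MAX + 1 bytes. Returns bytes copied, or -1. */
int copy_serial(char *dst, const unsigned char *src, int len)
{
    if (len < 0 || len > SERIAL_MAX)
        return -1;
    memcpy(dst, src, (size_t)len);
    dst[len] = '\0';
    return len;
}

int main(void)
{
    int len = parse_len_signed(REC_BAD);
    printf("len=%d weak check passes=%d memcpy size would be %zu\n",
           len, weak_len_check(len), as_memcpy_size(len));
    printf("hardened copy (bad record): %d\n",
           copy_serial(out, REC_BAD + 1, len));
    int n = copy_serial(out, REC_OK + 1, parse_len_signed(REC_OK));
    printf("hardened copy (good record): %d -> %s\n", n, out);
    return 0;
}
```

The weak check is never paired with a real `memcpy` here; the example only reports what size the call would have received.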



Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds