opensc: arbitrary code execution
Package(s): | opensc |
CVE #(s): | CVE-2010-4523 |
Created: | January 4, 2011 |
Updated: | January 22, 2014 |
Description: |
From the Red Hat bugzilla:
Three stack-based buffer overflow flaws were found in the way
OpenSC device drivers for A-Trust ACOS, ACS ACOS5 and
STARCOS SPK 2.3 based smart cards processed certain
values of card serial number. A local attacker could use this
flaw to execute arbitrary code, with the privileges of the
user running the opensc-tool or opensc-explorer binaries via
a malicious smart card, with specially-crafted value of its
serial number, inserted to the system.
|
Alerts: |
Gentoo | 201401-18 | opensc | 2014-01-21 |
SUSE | SUSE-SR:2011:002 | ed, evince, hplip, libopensc2/opensc, libsmi, libwebkit, perl, python, sssd, sudo, wireshark | 2011-01-25 |
Mandriva | MDVSA-2011:011 | opensc | 2011-01-15 |
openSUSE | openSUSE-SU-2011:0049-1 | opensc | 2011-01-19 |
Fedora | FEDORA-2010-19193 | opensc | 2010-12-22 |
Fedora | FEDORA-2010-19192 | opensc | 2010-12-22 |