
Pardus alert 2011-24 (pcsc-lite)

From:  Meltem Parmaksız <meltem@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2011-24] pcsc-lite: Buffer Overflow
Date:  Wed, 2 Feb 2011 00:35:12 +0200
Message-ID:  <201102020035.12741.meltem@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-24            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-02-02
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in pcsclite.


Description
===========

CVE-2010-4531:

A stack-based buffer overflow flaw was found in the way PC/SC Lite smart
card framework decoded certain attribute values of the Answer-to-Reset
(ATR) message, received back from the card after connecting. A local
attacker could use this flaw to execute arbitrary code with the
privileges of the user running the pcscd daemon, via a malicious smart
card inserted to the system USB port.


Affected packages:

  Pardus 2009:
    pcsc-lite, all before 1.5.5-10-6


Resolution
==========

There are update(s) for pcsc-lite. You can update them via Package
Manager or with a single command from console:

    pisi up pcsc-lite


References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=15802
  * http://www.vupen.com/english/advisories/2010/3264

------------------------------------------------------------------------

_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
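The advisory above concerns decoding length-bearing fields of an ATR that the card itself supplies. As an added example (not part of the advisory, and not pcsc-lite's code or its fix), here is a bounds-checked ATR walk following the ISO/IEC 7816-3 layout; the names atr_parse and struct atr_info are hypothetical, and the 33-byte limit is the maximum ATR length from that standard.

```c
#include <stddef.h>
#include <stdint.h>
#define MAX_ATR_SIZE 33 /* ISO/IEC 7816-3: TS plus at most 32 more bytes */

struct atr_info {       /* hypothetical result type for this example */
    size_t hist_off;    /* offset of the first historical byte */
    size_t hist_len;    /* K, the historical byte count from T0 */
    int    has_tck;     /* 1 if a check byte TCK is present */
};

/* Validate an ATR's structure. Returns 0 if well-formed, -1 otherwise. Every
 * count the card supplies is checked against the bytes received before use. */
int atr_parse(const uint8_t *atr, size_t len, struct atr_info *out)
{
    if (!atr || !out || len < 2 || len > MAX_ATR_SIZE)
        return -1;
    if (atr[0] != 0x3B && atr[0] != 0x3F)   /* TS: direct or inverse */
        return -1;

    uint8_t y = atr[1] >> 4;                /* Y1: which of TA1..TD1 follow */
    size_t k = atr[1] & 0x0F;               /* K from the format byte T0 */
    size_t pos = 2;
    int tck = 0;

    while (y != 0) {
        size_t n = (y & 1) + ((y >> 1) & 1) + ((y >> 2) & 1); /* TA, TB, TC */
        int has_td = (y >> 3) & 1;
        if (n + (size_t)has_td > len - pos) /* card promised more than it sent */
            return -1;
        pos += n;
        if (!has_td) break;
        uint8_t td = atr[pos++];
        if ((td & 0x0F) != 0)               /* any protocol but T=0 needs TCK */
            tck = 1;
        y = td >> 4;
    }
    if (k + (size_t)tck != len - pos)       /* historical bytes (+TCK) must fit */
        return -1;
    if (tck) {                              /* XOR of T0..TCK must be zero */
        uint8_t x = 0;
        for (size_t i = 1; i < len; i++)
            x ^= atr[i];
        if (x != 0)
            return -1;
    }
    out->hist_off = pos;
    out->hist_len = k;
    out->has_tck = tck;
    return 0;
}
```

A caller that copies the ATR or its historical bytes into a fixed-size buffer should do so only after this check returns 0, using the validated lengths.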




Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds