Bug 1619709 (CVE-2018-14779, CVE-2018-14780)

Summary: CVE-2018-14779 CVE-2018-14780 yubico-piv-tool: Unchecked Buffer in libykpiv
Product: [Other] Security Response Reporter: Andrej Nemec <anemec>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: jjelen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: yubico-piv-tool 1.6.0 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-25 22:15:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1619710    
Bug Blocks:    

Description Andrej Nemec 2018-08-21 14:30:29 UTC
The Libykpiv library prior to version 1.6.0 contains an unchecked buffer, which could allow a buffer overflow. An attacker could use this to attempt to execute malicious code using a specifically crafted USB device masquerading as a YubiKey on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey. In the case of Yubico PIV Tool and YubiKey PIV Manager, malicious code would execute with the same privileges as the user who runs the library. For affected versions of the YubiKey Smart Card Minidriver, malicious code would execute with System level privileges.

External References:

https://www.yubico.com/support/security-advisories/ysa-2018-03/

Comment 1 Andrej Nemec 2018-08-21 14:31:06 UTC
Created yubico-piv-tool tracking bugs for this issue:

Affects: epel-7 [bug 1619710]