Bug 664986 - (CVE-2010-4530) CVE-2010-4530 CCID: Integer overflow, leading to array index error when processing crafted serial number of certain cards
CVE-2010-4530 CCID: Integer overflow, leading to array index error when proce...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
public=20101213,reported=20101222,sou...
: Security
Depends On: 664987 883647 953045
Blocks: 855229 952520
  Show dependency treegraph
 
Reported: 2010-12-22 06:51 EST by Jan Lieskovsky
Modified: 2016-03-04 07:41 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-10-01 00:39:17 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2010-12-22 06:51:27 EST
An integer overflow, leading to array index error was found
in the way USB CCID (Chip/Smart Card Interface Devices) driver
processed certain values of card serial number. A local attacker
could use this flaw to execute arbitrary code, with the privileges
of the user running the pcscd daemon, via a malicious smart card
with specially-crafted value of its serial number, inserted to
the system USB port.

References:
[1] http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607780

Upstream changesets:
[3] http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004934.html
[4] http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004935.html
Comment 1 Jan Lieskovsky 2010-12-22 06:53:53 EST
This issue affects the versions of the ccid package, as shipped
with Red Hat Enterprise Linux 5 and 6.

--

This issue affects the versions of the ccid package, as shipped
with Fedora release of 13 and 14.

Please schedule an update with the above upstream patches.
Comment 2 Jan Lieskovsky 2010-12-22 06:54:54 EST
Created ccid tracking bugs for this issue

Affects: fedora-all [bug 664987]
Comment 3 Jan Lieskovsky 2010-12-22 07:57:18 EST
CVE Request:
http://www.openwall.com/lists/oss-security/2010/12/22/7
Comment 4 Kalev Lember 2011-01-05 06:34:09 EST
I have submitted updates for Fedora 13 and Fedora 14. In rawhide the version of the ccid package is newer, containing the upstream patch, and is not affected by the vulnerability.

https://admin.fedoraproject.org/updates/ccid-1.4.0-2.fc14
https://admin.fedoraproject.org/updates/ccid-1.3.11-2.fc13
Comment 8 errata-xmlrpc 2013-02-21 05:54:47 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:0523 https://rhn.redhat.com/errata/RHSA-2013-0523.html
Comment 14 errata-xmlrpc 2013-09-30 18:47:50 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:1323 https://rhn.redhat.com/errata/RHSA-2013-1323.html
Comment 15 Huzaifa S. Sidhpurwala 2013-10-01 00:49:07 EDT
Statement:

(none)

Note You need to log in before you can comment on or make changes to this bug.