Bug 664986 (CVE-2010-4530) - CVE-2010-4530 CCID: Integer overflow, leading to array index error when processing crafted serial number of certain cards
Summary: CVE-2010-4530 CCID: Integer overflow, leading to array index error when proce...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2010-4530
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 664987 883647 953045
Blocks: 855229 952520
TreeView+ depends on / blocked
 
Reported: 2010-12-22 11:51 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:42 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-10-01 04:39:17 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0523 normal SHIPPED_LIVE Low: ccid security and bug fix update 2013-02-20 21:28:41 UTC
Red Hat Product Errata RHSA-2013:1323 normal SHIPPED_LIVE Low: ccid security and bug fix update 2013-10-01 00:31:13 UTC

Description Jan Lieskovsky 2010-12-22 11:51:27 UTC
An integer overflow, leading to array index error was found
in the way USB CCID (Chip/Smart Card Interface Devices) driver
processed certain values of card serial number. A local attacker
could use this flaw to execute arbitrary code, with the privileges
of the user running the pcscd daemon, via a malicious smart card
with specially-crafted value of its serial number, inserted to
the system USB port.

References:
[1] http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607780

Upstream changesets:
[3] http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004934.html
[4] http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004935.html

Comment 1 Jan Lieskovsky 2010-12-22 11:53:53 UTC
This issue affects the versions of the ccid package, as shipped
with Red Hat Enterprise Linux 5 and 6.

--

This issue affects the versions of the ccid package, as shipped
with Fedora release of 13 and 14.

Please schedule an update with the above upstream patches.

Comment 2 Jan Lieskovsky 2010-12-22 11:54:54 UTC
Created ccid tracking bugs for this issue

Affects: fedora-all [bug 664987]

Comment 3 Jan Lieskovsky 2010-12-22 12:57:18 UTC
CVE Request:
http://www.openwall.com/lists/oss-security/2010/12/22/7

Comment 4 Kalev Lember 2011-01-05 11:34:09 UTC
I have submitted updates for Fedora 13 and Fedora 14. In rawhide the version of the ccid package is newer, containing the upstream patch, and is not affected by the vulnerability.

https://admin.fedoraproject.org/updates/ccid-1.4.0-2.fc14
https://admin.fedoraproject.org/updates/ccid-1.3.11-2.fc13

Comment 8 errata-xmlrpc 2013-02-21 10:54:47 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:0523 https://rhn.redhat.com/errata/RHSA-2013-0523.html

Comment 14 errata-xmlrpc 2013-09-30 22:47:50 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:1323 https://rhn.redhat.com/errata/RHSA-2013-1323.html

Comment 15 Huzaifa S. Sidhpurwala 2013-10-01 04:49:07 UTC
Statement:

(none)


Note You need to log in before you can comment on or make changes to this bug.