A stack-based buffer overflow flaw was found in the way the PC/SC Lite smart card framework decoded certain attribute values of the Answer-to-Reset (ATR) message, received back from the card after connecting. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the pcscd daemon, via a malicious smart card inserted into the system USB port.

References:
[1] http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781
[3] http://www.vupen.com/english/advisories/2010/3264

Upstream changeset:
[4] http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html
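An added illustration of the bug class reported above, not pcsc-lite's code and not part of the original report: a decoder that checks every length the card supplies against the number of bytes actually received before reading or copying. The names `atr_parse` and `struct atr_info` are hypothetical, and the ATR layout (T0, TAi..TDi chain, historical bytes, TCK) is assumed from ISO/IEC 7816-3.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ATR_MAX  33  /* ISO/IEC 7816-3: TS plus at most 32 further bytes */
#define HIST_MAX 15  /* K, the historical-byte count, is a 4-bit field of T0 */

struct atr_info {
    uint8_t  hist[HIST_MAX];
    size_t   hist_len;
    unsigned protocols;   /* bit n set when a TDi byte offers protocol T=n */
};

/* Hypothetical helper: returns 0 on success, -1 on a truncated or oversized ATR. */
int atr_parse(const uint8_t *atr, size_t len, struct atr_info *out)
{
    memset(out, 0, sizeof(*out));
    if (len < 2 || len > ATR_MAX)
        return -1;
    uint8_t y = atr[1] >> 4;     /* Y1: which of TA1..TD1 follow T0 */
    uint8_t k = atr[1] & 0x0F;   /* K: number of historical bytes */
    size_t p = 2;                /* next unread byte */

    for (;;) {
        for (int bit = 0; bit < 3; bit++)      /* skip TAi, TBi, TCi */
            if (y & (1u << bit)) {
                if (p >= len)
                    return -1;
                p++;
            }
        if (!(y & 0x8))                        /* no TDi: chain ends */
            break;
        if (p >= len)
            return -1;
        out->protocols |= 1u << (atr[p] & 0x0F);
        y = atr[p++] >> 4;                     /* Y(i+1) from TDi */
    }
    if (k > len - p)          /* card claims more bytes than it sent */
        return -1;
    memcpy(out->hist, atr + p, k);
    out->hist_len = k;
    p += k;
    if ((out->protocols & ~1u) && p >= len)    /* TCK required but missing */
        return -1;
    return 0;
}
```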
This issue affects the versions of the pcsc-lite package, as shipped with Red Hat Enterprise Linux 5 and 6.

--

This issue affects the versions of the pcsc-lite package, as shipped with Fedora releases 13 and 14. Please schedule an update with the above upstream patch.
Created pcsc-lite tracking bugs for this issue

Affects: fedora-all [bug 665000]
CVE Request: http://www.openwall.com/lists/oss-security/2010/12/22/7
I have submitted updates for Fedora 13 and Fedora 14. In rawhide the version of the pcsc-lite package is newer, containing the upstream patch, and is not affected by the vulnerability.

https://admin.fedoraproject.org/updates/pcsc-lite-1.6.4-3.fc14
https://admin.fedoraproject.org/updates/pcsc-lite-1.5.5-5.fc13
(In reply to comment #0)
> http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf

Now available via the following URL instead:
http://labs.mwrinfosecurity.com/assets/155/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf
This issue has been addressed in the following products:

Red Hat Enterprise Linux 6

Via RHSA-2013:0525 https://rhn.redhat.com/errata/RHSA-2013-0525.html