An integer overflow, leading to array index error was found in the way USB CCID (Chip/Smart Card Interface Devices) driver processed certain values of card serial number. A local attacker could use this flaw to execute arbitrary code, with the privileges of the user running the pcscd daemon, via a malicious smart card with specially-crafted value of its serial number, inserted to the system USB port. References: [1] http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607780 Upstream changesets: [3] http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004934.html [4] http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004935.html
This issue affects the versions of the ccid package, as shipped with Red Hat Enterprise Linux 5 and 6. -- This issue affects the versions of the ccid package, as shipped with Fedora release of 13 and 14. Please schedule an update with the above upstream patches.
Created ccid tracking bugs for this issue Affects: fedora-all [bug 664987]
CVE Request: http://www.openwall.com/lists/oss-security/2010/12/22/7
I have submitted updates for Fedora 13 and Fedora 14. In rawhide the version of the ccid package is newer, containing the upstream patch, and is not affected by the vulnerability. https://admin.fedoraproject.org/updates/ccid-1.4.0-2.fc14 https://admin.fedoraproject.org/updates/ccid-1.3.11-2.fc13
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:0523 https://rhn.redhat.com/errata/RHSA-2013-0523.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:1323 https://rhn.redhat.com/errata/RHSA-2013-1323.html
Statement: (none)