SB2011011807 - Multiple vulnerabilities in pcsclite.apdu.fr pcsc-lite
Published: January 18, 2011 Updated: August 11, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Input validation error (CVE-ID: CVE-2010-4530)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow.
2) Stack-based buffer overflow (CVE-ID: CVE-2010-4531)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd when processing a smart card with an ATR message containing a long attribute value. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053076.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053097.html
- http://rhn.redhat.com/errata/RHSA-2013-1323.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:014
- http://www.openwall.com/lists/oss-security/2010/12/22/7
- http://www.openwall.com/lists/oss-security/2011/01/03/3
- http://www.securityfocus.com/bid/45806
- http://www.vupen.com/english/advisories/2011/0100
- http://www.vupen.com/english/advisories/2011/0179
- https://bugzilla.redhat.com/show_bug.cgi?id=664986
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64961
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781
- http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf
- http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053079.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053095.html
- http://secunia.com/advisories/42912
- http://secunia.com/advisories/43112
- http://www.debian.org/security/2011/dsa-2156
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:015
- http://www.securityfocus.com/bid/45450
- http://www.vupen.com/english/advisories/2010/3264
- http://www.vupen.com/english/advisories/2011/0101
- http://www.vupen.com/english/advisories/2011/0180
- http://www.vupen.com/english/advisories/2011/0256
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4531