Le 22/12/2010 00:10, Michael Gilbert a écrit :
an advisory has been issued for pcsc-lite:
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf
CVE request
http://www.openwall.com/lists/oss-security/2010/12/22/7
Date: Wed, 22 Dec 2010 13:55:08 +0100
From: Jan Lieskovsky <jlies...@...hat.com>
To: "Steven M. Christey" <co...@...us.mitre.org>
CC: oss-security <oss-secur...@...ts.openwall.com>,
Robert Relyea <rrel...@...hat.com>
Subject: CVE Request -- 1, ccid -- int.overflow leading to array index error
2, pcsc-lite stack-based buffer overflow in ATR decoder [was:
CVE request: opensc buffer overflow ]
Hello Josh, Steve, vendors,
Rafael Dominguez Vega of MWR InfoSecurity reported two more flaws
related with smart cards:
II), pcsc-lite: Stack-based buffer overflow in Answer-to-Reset (ATR)
decoder
Description:
A stack-based buffer overflow flaw was found in the way
PC/SC Lite smart card framework decoded certain attribute
values of the Answer-to-Reset (ATR) message, received back
from the card after connecting. A local attacker could
use this flaw to execute arbitrary code with the privileges
of the user running the pcscd daemon, via a malicious smart
card inserted to the system USB port.
References:
[1]
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781
[3] http://www.vupen.com/english/advisories/2010/3264
[4] https://bugzilla.redhat.com/show_bug.cgi?id=664999
Upstream changeset:
[5]
http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html
Could you allocate CVE ids for these two too?
Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
--
Dr. Ludovic Rousseau
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
