Nom du paquet
pcsc-lite
Date
2010-09-24
Advisory ID
MDVSA-2010:189-1
Affected versions
CS4.0 x86_64 , CS4.0 i586

Problem description

Multiple vulnerabilities has been found and corrected in pcsc-lite:

The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart
Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow
local users to cause a denial of service (daemon crash) via crafted
SCARD_SET_ATTRIB message data, which is improperly demarshalled
and triggers a buffer over-read, a related issue to CVE-2010-0407
(CVE-2009-4901).

Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c
in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4
and earlier might allow local users to gain privileges via crafted
SCARD_CONTROL message data, which is improperly demarshalled. NOTE:
this vulnerability exists because of an incorrect fix for CVE-2010-0407
(CVE-2009-4902).

Multiple buffer overflows in the MSGFunctionDemarshall function in
winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE
PCSC-Lite before 1.5.4 allow local users to gain privileges via
crafted message data, which is improperly demarshalled (CVE-2010-0407).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

Update:

The previous MDVSA-2010:189 advisory was missing the packages for CS4,
this advisory corrects the problem.

Updated packages

CS4.0 x86_64

 679754ead473749cc755350951df0478  corporate/4.0/x86_64/lib64pcsclite1-1.3.0-2.1.20060mlcs4.x86_64.rpm
 974188458cb887457a22cb4be169ba24  corporate/4.0/x86_64/lib64pcsclite1-devel-1.3.0-2.1.20060mlcs4.x86_64.rpm
 300a3a9416d02cfd092bb5e3bc81302d  corporate/4.0/x86_64/lib64pcsclite1-static-devel-1.3.0-2.1.20060mlcs4.x86_64.rpm
 7e491ebb83c94c00b249db757c0e052b  corporate/4.0/x86_64/pcsc-lite-1.3.0-2.1.20060mlcs4.x86_64.rpm 
 524c61d97f58343dee043627407f37ee  corporate/4.0/SRPMS/pcsc-lite-1.3.0-2.1.20060mlcs4.src.rpm

CS4.0 i586

 0c66f40efecdc0c3ae8f27dbe1abc4c5  corporate/4.0/i586/libpcsclite1-1.3.0-2.1.20060mlcs4.i586.rpm
 5623a50de3f9505c5a8b503a844d9ac5  corporate/4.0/i586/libpcsclite1-devel-1.3.0-2.1.20060mlcs4.i586.rpm
 ab1f8bec0cee4bd2e88e40b6c34d9160  corporate/4.0/i586/libpcsclite1-static-devel-1.3.0-2.1.20060mlcs4.i586.rpm
 27431d0962492720c5b7cca1491ebade  corporate/4.0/i586/pcsc-lite-1.3.0-2.1.20060mlcs4.i586.rpm 
 524c61d97f58343dee043627407f37ee  corporate/4.0/SRPMS/pcsc-lite-1.3.0-2.1.20060mlcs4.src.rpm

References