Executive Summary

Information
Name : CVE-2009-4901
First vendor Publication : 2010-06-18
Vendor : Cve
Last vendor Modification : 2010-06-24

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score : 2.1
Attack Range : Local
Cvss Impact Score : 2.9
Attack Complexity : Low
Cvss Exploit Score : 3.9
Authentication : None Required

Detail

The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4901

CWE : Common Weakness Enumeration

id : CWE-119
Name : Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type : Application
Count : 35

OpenVAS Exploits

Date : 2011-08-09
Name : CentOS Update for pcsc-lite CESA-2010:0533 centos5 i386
File : nvt/gb_CESA-2010_0533_pcsc-lite_centos5_i386.nasl
Date : 2010-10-01
Name : Mandriva Update for pcsc-lite MDVSA-2010:189 (pcsc-lite)
File : nvt/gb_mandriva_MDVSA_2010_189.nasl
Date : 2010-08-06
Name : Ubuntu Update for pcsc-lite vulnerability USN-969-1
File : nvt/gb_ubuntu_USN_969_1.nasl
Date : 2010-07-16
Name : RedHat Update for pcsc-lite RHSA-2010:0533-01
File : nvt/gb_RHSA-2010_0533-01_pcsc-lite.nasl
Date : 2010-07-06
Name : Debian Security Advisory DSA 2059-1 (pcsc-lite)
File : nvt/deb_2059_1.nasl

Open Source Vulnerability Database (OSVDB)

id : 65659
Description : PCSC-Lite PC/SC Smart Card Daemon winscard_svc.c MSGFunctionDemarshall Functi...

Nessus® Vulnerability Scanner

Date : 2013-07-12
Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0533.nasl - Type : ACT_GATHER_INFO
Date : 2012-08-01
Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100714_pcsc_lite_on_SL5_x.nasl - Type : ACT_GATHER_INFO
Date : 2010-09-27
Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-189.nasl - Type : ACT_GATHER_INFO
Date : 2010-08-13
Name : The remote SuSE system is missing a security patch for libpcsclite1
File : suse_11_2_libpcsclite1-100811.nasl - Type : ACT_GATHER_INFO
Date : 2010-08-06
Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-969-1.nasl - Type : ACT_GATHER_INFO
Date : 2010-07-28
Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0533.nasl - Type : ACT_GATHER_INFO
Date : 2010-07-16
Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0533.nasl - Type : ACT_GATHER_INFO
Date : 2010-07-01
Name : The remote Fedora host is missing a security update.
File : fedora_2010-10014.nasl - Type : ACT_GATHER_INFO
Date : 2010-07-01
Name : The remote Fedora host is missing a security update.
File : fedora_2010-9995.nasl - Type : ACT_GATHER_INFO
Date : 2010-06-11
Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2059.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

Source : Url
BID : http://www.securityfocus.com/bid/40758
CONFIRM : http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4208
CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=596426
DEBIAN : http://www.debian.org/security/2010/dsa-2059
FEDORA : http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html
FEDORA : http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html
SECUNIA : http://secunia.com/advisories/40140
SECUNIA : http://secunia.com/advisories/40239
VUPEN : http://www.vupen.com/english/advisories/2010/1427
VUPEN : http://www.vupen.com/english/advisories/2010/1508

Alert History

Date : Information
2014-02-17 10:52:56
  • Multiple Updates
2013-05-11 00:04:46
  • Multiple Updates