Executive Summary

Informations
Name CVE-2009-4901 First vendor Publication 2010-06-18
Vendor Cve Last vendor Modification 2010-06-24

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 2.1 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4901

CWE : Common Weakness Enumeration

idName
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application35

OpenVAS Exploits

DateDescription
2011-08-09Name : CentOS Update for pcsc-lite CESA-2010:0533 centos5 i386
File : nvt/gb_CESA-2010_0533_pcsc-lite_centos5_i386.nasl
2010-10-01Name : Mandriva Update for pcsc-lite MDVSA-2010:189 (pcsc-lite)
File : nvt/gb_mandriva_MDVSA_2010_189.nasl
2010-08-06Name : Ubuntu Update for pcsc-lite vulnerability USN-969-1
File : nvt/gb_ubuntu_USN_969_1.nasl
2010-07-16Name : RedHat Update for pcsc-lite RHSA-2010:0533-01
File : nvt/gb_RHSA-2010_0533-01_pcsc-lite.nasl
2010-07-06Name : Debian Security Advisory DSA 2059-1 (pcsc-lite)
File : nvt/deb_2059_1.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
65659PCSC-Lite PC/SC Smart Card Daemon winscard_svc.c MSGFunctionDemarshall Functi...

Nessus® Vulnerability Scanner

DateDescription
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libpcsclite1-100811.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0533.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100714_pcsc_lite_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-09-27Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-189.nasl - Type : ACT_GATHER_INFO
2010-08-13Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libpcsclite1-100811.nasl - Type : ACT_GATHER_INFO
2010-08-06Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-969-1.nasl - Type : ACT_GATHER_INFO
2010-07-28Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0533.nasl - Type : ACT_GATHER_INFO
2010-07-16Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0533.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2010-10014.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2010-9995.nasl - Type : ACT_GATHER_INFO
2010-06-11Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2059.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/40758
CONFIRM http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4208
https://bugzilla.redhat.com/show_bug.cgi?id=596426
DEBIAN http://www.debian.org/security/2010/dsa-2059
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html
SECUNIA http://secunia.com/advisories/40140
http://secunia.com/advisories/40239
VUPEN http://www.vupen.com/english/advisories/2010/1427
http://www.vupen.com/english/advisories/2010/1508

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2014-06-14 13:28:20
  • Multiple Updates
2014-02-17 10:52:56
  • Multiple Updates
2013-05-11 00:04:46
  • Multiple Updates