Executive Summary

Informations
Name MDVSA-2010:189-1 First vendor Publication 2010-09-24
Vendor Mandriva Last vendor Modification 2010-09-24
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score 6.8 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.1 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities has been found and corrected in pcsc-lite:

The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407 (CVE-2009-4901).

Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407 (CVE-2009-4902).

Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled (CVE-2010-0407).

Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

Update:

The previous MDVSA-2010:189 advisory was missing the packages for CS4, this advisory corrects the problem.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2010:189-1

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11359
 
Oval ID: oval:org.mitre.oval:def:11359
Title: DSA-2059 pcsc-lite -- buffer overflow
Description: It was discovered that PCSCD, a daemon to access smart cards, was vulnerable to a buffer overflow allowing a local attacker to elevate his privileges to root.
Family: unix Class: patch
Reference(s): DSA-2059
CVE-2010-0407
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): pcsc-lite
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13054
 
Oval ID: oval:org.mitre.oval:def:13054
Title: USN-969-1 -- pcsc-lite vulnerability
Description: It was discovered that the PC/SC service did not correctly handle malformed messages. A local attacker could exploit this to execute arbitrary code with root privileges.
Family: unix Class: patch
Reference(s): USN-969-1
CVE-2009-4901
CVE-2009-4902
CVE-2010-0407
Version: 5
Platform(s): Ubuntu 10.04
Ubuntu 9.04
Ubuntu 9.10
Product(s): pcsc-lite
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13060
 
Oval ID: oval:org.mitre.oval:def:13060
Title: DSA-2059-2 pcsc-lite -- buffer overflow
Description: The update for PCSCD caused a regression with some card readers. This update corrects that regression. The full advisory is below for completeness. It was discovered that PCSCD, a daemon to access smart cards, was vulnerable to a buffer overflow allowing a local attacker to elevate his privileges to root. For the stable distribution, this problem has been fixed in version 1.4.102-1+lenny3. For the unstable distribution, this problem has been fixed in version 1.5.4-1. We recommend that you upgrade your pcsc-lite package.
Family: unix Class: patch
Reference(s): DSA-2059-2
CVE-2010-0407
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): pcsc-lite
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13315
 
Oval ID: oval:org.mitre.oval:def:13315
Title: DSA-2059-1 pcsc-lite -- buffer overflow
Description: It was discovered that PCSCD, a daemon to access smart cards, was vulnerable to a buffer overflow allowing a local attacker to elevate his privileges to root. For the stable distribution, this problem has been fixed in version 1.4.102-1+lenny1. For the unstable distribution, this problem has been fixed in version 1.5.4-1. We recommend that you upgrade your pcsc-lite package.
Family: unix Class: patch
Reference(s): DSA-2059-1
CVE-2010-0407
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): pcsc-lite
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22253
 
Oval ID: oval:org.mitre.oval:def:22253
Title: RHSA-2010:0533: pcsc-lite security update (Moderate)
Description: Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.
Family: unix Class: patch
Reference(s): RHSA-2010:0533-01
CESA-2010:0533
CVE-2009-4901
CVE-2010-0407
Version: 29
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): pcsc-lite
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22818
 
Oval ID: oval:org.mitre.oval:def:22818
Title: ELSA-2010:0533: pcsc-lite security update (Moderate)
Description: Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.
Family: unix Class: patch
Reference(s): ELSA-2010:0533-01
CVE-2009-4901
CVE-2010-0407
Version: 13
Platform(s): Oracle Linux 5
Product(s): pcsc-lite
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27498
 
Oval ID: oval:org.mitre.oval:def:27498
Title: DEPRECATED: ELSA-2010-0533 -- pcsc-lite security update (moderate)
Description: [1.4.4-4] - Fix second typo in overflow patch from upstream [1.4.4-3] - Fix typo in patch [1.4.4-2] - Fix buffer overflow issues
Family: unix Class: patch
Reference(s): ELSA-2010-0533
CVE-2009-4901
CVE-2010-0407
Version: 4
Platform(s): Oracle Linux 5
Product(s): pcsc-lite
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 35

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for pcsc-lite CESA-2010:0533 centos5 i386
File : nvt/gb_CESA-2010_0533_pcsc-lite_centos5_i386.nasl
2010-10-01 Name : Mandriva Update for pcsc-lite MDVSA-2010:189 (pcsc-lite)
File : nvt/gb_mandriva_MDVSA_2010_189.nasl
2010-08-06 Name : Ubuntu Update for pcsc-lite vulnerability USN-969-1
File : nvt/gb_ubuntu_USN_969_1.nasl
2010-07-16 Name : RedHat Update for pcsc-lite RHSA-2010:0533-01
File : nvt/gb_RHSA-2010_0533-01_pcsc-lite.nasl
2010-07-16 Name : Fedora Update for pcsc-lite FEDORA-2010-10764
File : nvt/gb_fedora_2010_10764_pcsc-lite_fc12.nasl
2010-07-06 Name : Debian Security Advisory DSA 2059-1 (pcsc-lite)
File : nvt/deb_2059_1.nasl
2010-06-18 Name : Fedora Update for pcsc-lite FEDORA-2010-10014
File : nvt/gb_fedora_2010_10014_pcsc-lite_fc12.nasl
2010-06-18 Name : Fedora Update for pcsc-lite FEDORA-2010-9995
File : nvt/gb_fedora_2010_9995_pcsc-lite_fc11.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
65659 PCSC-Lite PC/SC Smart Card Daemon winscard_svc.c MSGFunctionDemarshall Functi...

65658 PCSC-Lite PC/SC Smart Card Daemon winscard_svc.c MSGFunctionDemarshall Functi...

56188 PCSC-Lite pcscd /var/run/pcscd.events/ Permission Weakness Local DoS

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-07-16 IAVM : 2015-A-0150 - Multiple Security Vulnerabilities in Juniper Networks CTPView
Severity : Category I - VMSKEY : V0061073

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libpcsclite1-100811.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0533.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100714_pcsc_lite_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_pcsc-lite-100706.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_pcsc-lite-100705.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_pcsc-lite-7092.nasl - Type : ACT_GATHER_INFO
2010-09-27 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-189.nasl - Type : ACT_GATHER_INFO
2010-09-16 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_pcsc-lite-100705.nasl - Type : ACT_GATHER_INFO
2010-08-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libpcsclite1-100811.nasl - Type : ACT_GATHER_INFO
2010-08-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-969-1.nasl - Type : ACT_GATHER_INFO
2010-07-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0533.nasl - Type : ACT_GATHER_INFO
2010-07-16 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0533.nasl - Type : ACT_GATHER_INFO
2010-07-14 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10764.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10014.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-9995.nasl - Type : ACT_GATHER_INFO
2010-06-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2059.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2013-05-11 00:48:18
  • Multiple Updates