4.4 - RHSA-2013:0525

Executive Summary

Summary
Title	pcsc-lite security and bug fix update

Informations
Name	RHSA-2013:0525	First vendor Publication	2013-02-21
Vendor	RedHat	Last vendor Modification	2013-02-21
Severity (Vendor)	Moderate	Revision	02

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	4.4	Attack Range	Local
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	3.4	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated pcsc-lite packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

PC/SC Lite provides a Windows SCard compatible interface for communicating with smart cards, smart card readers, and other security tokens.

A stack-based buffer overflow flaw was found in the way pcsc-lite decoded certain attribute values of Answer-to-Reset (ATR) messages. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the pcscd daemon (root, by default), by inserting a specially-crafted smart card. (CVE-2010-4531)

This update also fixes the following bugs:

* Due to an error in the init script, the chkconfig utility did not automatically place the pcscd init script after the start of the HAL daemon. Consequently, the pcscd service did not start automatically at boot time. With this update, the pcscd init script has been changed to explicitly start only after HAL is up, thus fixing this bug. (BZ#788474, BZ#814549)

* Because the chkconfig settings and the startup files in the /etc/rc.d/ directory were not changed during the update described in the RHBA-2012:0990 advisory, the user had to update the chkconfig settings manually to fix the problem. Now, the chkconfig settings and the startup files in the /etc/rc.d/ directory are automatically updated as expected. (BZ#834803)

* Previously, the SCardGetAttrib() function did not work properly and always returned the "SCARD_E_INSUFFICIENT_BUFFER" error regardless of the actual buffer size. This update applies a patch to fix this bug and the SCardGetAttrib() function now works as expected. (BZ#891852)

All users of pcsc-lite are advised to upgrade to these updated packages, which fix these issues. After installing this update, the pcscd daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

664999 - CVE-2010-4531 pcsc-lite: Stack-based buffer overflow in Answer-to-Reset (ATR) decoder 834803 - Update of pcsc-lite does not fix problems addressed in BUG 812469 891852 - pcsc-lite: incorrect check in SCardGetAttrib and SCardSetAttrib handling

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2013-0525.html

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12648

Oval ID:	oval:org.mitre.oval:def:12648
Title:	DSA-2156-1 pcscd -- buffer overflow
Description:	MWR InfoSecurity identified a buffer overflow in pcscd, middleware to access a smart card via PC/SC, which could lead to the execution of arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-2156-1 CVE-2010-4531	Version:	5
Platform(s):	Debian GNU/Linux 5.0	Product(s):	pcscd
Definition Synopsis:
Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND pcscd DPKG is earlier than 1.4.102-1+lenny4

Definition Id: oval:org.mitre.oval:def:13059

Oval ID:	oval:org.mitre.oval:def:13059
Title:	USN-1125-1 -- pcsc-lite vulnerability
Description:	pcsc-lite: Middleware to access a smart card using PC/SC PCSC-Lite could be made to crash or run programs if it accessed a special smart card.
Family:	unix	Class:	patch
Reference(s):	USN-1125-1 CVE-2010-4531	Version:	5
Platform(s):	Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04	Product(s):	pcsc-lite
Definition Synopsis:
Release section Ubuntu 10.10 is installed AND Installed architecture is all AND libpcsclite1 DPKG is earlier than 1.5.5-3ubuntu2.1 OR Release section Ubuntu 9.10 is installed AND Installed architecture is all AND libpcsclite1 DPKG is earlier than 1.5.3-1ubuntu1.2 OR Release section Ubuntu 10.04 is installed AND Installed architecture is all AND libpcsclite1 DPKG is earlier than 1.5.3-1ubuntu4.2

Definition Id: oval:org.mitre.oval:def:20620

Oval ID:	oval:org.mitre.oval:def:20620
Title:	RHSA-2013:0525: pcsc-lite security and bug fix update (Moderate)
Description:	Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:0525-02 CESA-2013:0525 CVE-2010-4531	Version:	4
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	pcsc-lite
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND CentOS Linux 6.x Packages section pcsc-lite-libs is earlier than 0:1.5.2-11.el6 AND pcsc-lite-devel is earlier than 0:1.5.2-11.el6 AND pcsc-lite is earlier than 0:1.5.2-11.el6 AND pcsc-lite-doc is earlier than 0:1.5.2-11.el6

Definition Id: oval:org.mitre.oval:def:23997

Oval ID:	oval:org.mitre.oval:def:23997
Title:	ELSA-2013:0525: pcsc-lite security and bug fix update (Moderate)
Description:	Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0525-02 CVE-2010-4531	Version:	6
Platform(s):	Oracle Linux 6	Product(s):	pcsc-lite
Definition Synopsis:
Oracle Linux 6.x rpm test pcsc-lite-libs is earlier than 0:1.5.2-11.el6 AND pcsc-lite-devel is earlier than 0:1.5.2-11.el6 AND pcsc-lite is earlier than 0:1.5.2-11.el6 AND pcsc-lite-doc is earlier than 0:1.5.2-11.el6

Definition Id: oval:org.mitre.oval:def:27467

Oval ID:	oval:org.mitre.oval:def:27467
Title:	DEPRECATED: ELSA-2013-0525 -- pcsc-lite security and bug fix update (moderate)
Description:	[1.5.2-11] - fix overflow issue introduced in 1.5.2-5 and incorrectly corrected in 1.5.2-6 [1.5.2-10] - CVE-2010-4531 [1.5.2-9] - Bump version number so it doesn't get confused with z stream build.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-0525 CVE-2010-4531	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	pcsc-lite
Definition Synopsis:
Oracle Linux 6.x Packages match section pcsc-lite is earlier than 0:1.5.2-11.el6 AND pcsc-lite-devel is earlier than 0:1.5.2-11.el6 AND pcsc-lite-doc is earlier than 0:1.5.2-11.el6 AND pcsc-lite-libs is earlier than 0:1.5.2-11.el6

CPE : Common Platform Enumeration

Type	Description	Count
Application	Muscle Pcsc-Lite cpe:2.3:a:muscle:pcsc-lite:1.5.3:::::::*	1

OpenVAS Exploits

Date	Description
2011-05-10	Name : Ubuntu Update for pcsc-lite USN-1125-1 File : nvt/gb_ubuntu_USN_1125_1.nasl
2011-01-21	Name : Mandriva Update for pcsc-lite MDVSA-2011:015 (pcsc-lite) File : nvt/gb_mandriva_MDVSA_2011_015.nasl
2011-01-14	Name : Fedora Update for pcsc-lite FEDORA-2011-0123 File : nvt/gb_fedora_2011_0123_pcsc-lite_fc13.nasl
2011-01-14	Name : Fedora Update for pcsc-lite FEDORA-2011-0164 File : nvt/gb_fedora_2011_0164_pcsc-lite_fc14.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
69974	PCSC-Lite src/atrhandler.c ATRDecodeAtr() Function Overflow PCSC-Lite is prone to an overflow condition. The 'ATRDecodeAtr()' function in 'src/atrhandler.c' fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted ATR sent by a malicious smart card, an attacker with physical access can potentially execute arbitrary code.

Nessus® Vulnerability Scanner

Date	Description
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_libpcsclite1-110105.nasl - Type : ACT_GATHER_INFO
2014-01-22	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-17.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0525.nasl - Type : ACT_GATHER_INFO
2013-03-10	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0525.nasl - Type : ACT_GATHER_INFO
2013-03-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130221_pcsc_lite_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0525.nasl - Type : ACT_GATHER_INFO
2011-06-13	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1125-1.nasl - Type : ACT_GATHER_INFO
2011-05-05	Name : The remote openSUSE host is missing a security update. File : suse_11_2_libpcsclite1-110105.nasl - Type : ACT_GATHER_INFO
2011-02-02	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_pcsc-ccid-110121.nasl - Type : ACT_GATHER_INFO
2011-02-02	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_pcsc-lite-7298.nasl - Type : ACT_GATHER_INFO
2011-02-01	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2156.nasl - Type : ACT_GATHER_INFO
2011-01-28	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-015.nasl - Type : ACT_GATHER_INFO
2011-01-14	Name : The remote Fedora host is missing a security update. File : fedora_2011-0123.nasl - Type : ACT_GATHER_INFO
2011-01-14	Name : The remote Fedora host is missing a security update. File : fedora_2011-0164.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:56:53	Multiple Updates
2013-02-21 09:19:00	First insertion

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	5
CPE ID(s)	1
osvdb(s)	1
Openvas Exploit(s)	4
Nessus® Exploit(s)	14

	Related
4.4	CVE-2010-4531
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

4.4 - RHSA-2013:0525

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU