CVE-2009-4902: Buffer Overflow

First published: Thu Jun 10 2010(Updated: )

Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
MUSCLE PCSC-Lite	=1.2.9-beta7
MUSCLE PCSC-Lite	=1.4.3
MUSCLE PCSC-Lite	=1.2.0-rc2
MUSCLE PCSC-Lite	=1.3.1
MUSCLE PCSC-Lite	=1.2.9-beta6
MUSCLE PCSC-Lite	=1.2.9-beta1
MUSCLE PCSC-Lite	=1.1.2-beta5
MUSCLE PCSC-Lite	=1.2.9-beta8
MUSCLE PCSC-Lite	=1.2.9-beta2
MUSCLE PCSC-Lite	=1.2.9-beta5
MUSCLE PCSC-Lite	=1.5.1
MUSCLE PCSC-Lite	=1.1.2-beta3
MUSCLE PCSC-Lite	=1.3.2
MUSCLE PCSC-Lite	=1.4.102
MUSCLE PCSC-Lite	=1.4.100
MUSCLE PCSC-Lite	=1.2.9-beta10
MUSCLE PCSC-Lite	=1.4.1
MUSCLE PCSC-Lite	=1.3.0
MUSCLE PCSC-Lite	=1.4.101
MUSCLE PCSC-Lite	=1.4.0
MUSCLE PCSC-Lite	=1.2.9-beta3
MUSCLE PCSC-Lite	=1.2.0-rc3
MUSCLE PCSC-Lite	<=1.5.4
MUSCLE PCSC-Lite	=1.2.0
MUSCLE PCSC-Lite	=1.4.2
MUSCLE PCSC-Lite	=1.1.2-beta2
MUSCLE PCSC-Lite	=1.4.99
MUSCLE PCSC-Lite	=1.2.9-beta9
MUSCLE PCSC-Lite	=1.3.3
MUSCLE PCSC-Lite	=1.2.0-rc1
MUSCLE PCSC-Lite	=1.4.4
MUSCLE PCSC-Lite	=1.2.9-beta4
MUSCLE PCSC-Lite	=1.5.0
MUSCLE PCSC-Lite	=1.5.2
MUSCLE PCSC-Lite	=1.1.2-beta4

Never miss a vulnerability like this again

Reference Links

collector/nvd-historical
collector/nvd-index
agent/type
agent/event
agent/last-modified-date
agent/softwarecombine
collector/redhat-cve
source/Red Hat
agent/first-publish-date
agent/weakness
agent/author
agent/severity
agent/references
agent/tags
agent/description
collector/mitre-cve
source/MITRE
vendor/muscle
canonical/muscle pcsc-lite
version/muscle pcsc-lite/1.2.9-beta7
version/muscle pcsc-lite/1.4.3
version/muscle pcsc-lite/1.2.0-rc2
version/muscle pcsc-lite/1.3.1
version/muscle pcsc-lite/1.2.9-beta6
version/muscle pcsc-lite/1.2.9-beta1
version/muscle pcsc-lite/1.1.2-beta5
version/muscle pcsc-lite/1.2.9-beta8
version/muscle pcsc-lite/1.2.9-beta2
version/muscle pcsc-lite/1.2.9-beta5
version/muscle pcsc-lite/1.5.1
version/muscle pcsc-lite/1.1.2-beta3
version/muscle pcsc-lite/1.3.2
version/muscle pcsc-lite/1.4.102
version/muscle pcsc-lite/1.4.100
version/muscle pcsc-lite/1.2.9-beta10
version/muscle pcsc-lite/1.4.1
version/muscle pcsc-lite/1.3.0
version/muscle pcsc-lite/1.4.101
version/muscle pcsc-lite/1.4.0
version/muscle pcsc-lite/1.2.9-beta3
version/muscle pcsc-lite/1.2.0-rc3
version/muscle pcsc-lite/1.5.4
version/muscle pcsc-lite/1.2.0
version/muscle pcsc-lite/1.4.2
version/muscle pcsc-lite/1.1.2-beta2
version/muscle pcsc-lite/1.4.99
version/muscle pcsc-lite/1.2.9-beta9
version/muscle pcsc-lite/1.3.3
version/muscle pcsc-lite/1.2.0-rc1
version/muscle pcsc-lite/1.4.4
version/muscle pcsc-lite/1.2.9-beta4
version/muscle pcsc-lite/1.5.0
version/muscle pcsc-lite/1.5.2
version/muscle pcsc-lite/1.1.2-beta4

CVE-2009-4902: Buffer Overflow

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact