REDHAT-BUG-664986: Integer Overflow
First published: Wed Dec 22 2010(Updated: )
An integer overflow, leading to array index error was found in the way USB CCID (Chip/Smart Card Interface Devices) driver processed certain values of card serial number. A local attacker could use this flaw to execute arbitrary code, with the privileges of the user running the pcscd daemon, via a malicious smart card with specially-crafted value of its serial number, inserted to the system USB port. References: [1] <a href="http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf">http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf</a> [2] <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607780">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607780</a> Upstream changesets: [3] <a href="http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004934.html">http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004934.html</a> [4] <a href="http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004935.html">http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004935.html</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PCSC-lite |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607780
- http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004934.html
- http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004935.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=664987
- http://www.openwall.com/lists/oss-security/2010/12/22/7
- https://admin.fedoraproject.org/updates/ccid-1.4.0-2.fc14
- https://admin.fedoraproject.org/updates/ccid-1.3.11-2.fc13
- https://rhn.redhat.com/errata/RHSA-2013-0523.html
- https://rhn.redhat.com/errata/RHSA-2013-1323.html
- https://bugzilla.redhat.com/show_bug.cgi?id=664986
Frequently Asked Questions
What is the severity of REDHAT-BUG-664986?
The severity of REDHAT-BUG-664986 is critical due to the potential for arbitrary code execution.
How do I fix REDHAT-BUG-664986?
To fix REDHAT-BUG-664986, update the pcscd daemon and related packages to the latest version provided by your distribution.
What causes the vulnerability in REDHAT-BUG-664986?
REDHAT-BUG-664986 is caused by an integer overflow leading to an array index error in the USB CCID driver.
Who is affected by REDHAT-BUG-664986?
Users running the pcscd daemon, especially those using certain versions of the pcsc-lite package, are affected by REDHAT-BUG-664986.
Can REDHAT-BUG-664986 be exploited remotely?
No, REDHAT-BUG-664986 requires local access for exploitation since it involves the privileges of the user running the pcscd daemon.
- collector/redhat-bugzilla
- alias/CVE-2010-4530
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/severity
- agent/softwarecombine
- agent/description
- agent/event
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/debian
- canonical/pcsc-lite