Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25533
HistoryJan 24, 2011 - 12:00 a.m.

[ MDVSA-2011:015 ] pcsc-lite

2011-01-2400:00:00
vulners.com
12
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2011:015
http://www.mandriva.com/security/

Package : pcsc-lite
Date : January 20, 2011
Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0

Problem Description:

A vulnerability has been found and corrected in pcsc-lite:

Stack-based buffer overflow in the ATRDecodeAtr function in the
Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite
1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically
proximate attackers to cause a denial of service (crash) and possibly
execute arbitrary code via a smart card with an ATR message containing
a long attribute value (CVE-2010-4531).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4531

Updated Packages:

Mandriva Linux 2009.0:
d137c48f4e931440a7c0b8f15fcff4b8 2009.0/i586/libpcsclite1-1.4.102-1.2mdv2009.0.i586.rpm
25116e1db3bda3affb09d59b4adc6aef 2009.0/i586/libpcsclite-devel-1.4.102-1.2mdv2009.0.i586.rpm
302d0c768b5b610547f55a3781f14fa8 2009.0/i586/libpcsclite-static-devel-1.4.102-1.2mdv2009.0.i586.rpm
d18ad9858c8995ca754138e0bd7a9bd8 2009.0/i586/pcsc-lite-1.4.102-1.2mdv2009.0.i586.rpm
92270b043c53d716e12eac331480ffe9 2009.0/SRPMS/pcsc-lite-1.4.102-1.2mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
b8690a3cb9fe4cef11a2f7181f07c2bf 2009.0/x86_64/lib64pcsclite1-1.4.102-1.2mdv2009.0.x86_64.rpm
70a6ff7af784249e5f3dbec686c5c992 2009.0/x86_64/lib64pcsclite-devel-1.4.102-1.2mdv2009.0.x86_64.rpm
01141839cdc3d10e5df39d34cad4b1d0
2009.0/x86_64/lib64pcsclite-static-devel-1.4.102-1.2mdv2009.0.x86_64.rpm
f49b21cb00dde2c767661f4e8512c9d2 2009.0/x86_64/pcsc-lite-1.4.102-1.2mdv2009.0.x86_64.rpm
92270b043c53d716e12eac331480ffe9 2009.0/SRPMS/pcsc-lite-1.4.102-1.2mdv2009.0.src.rpm

Mandriva Linux 2010.0:
e8542ceffedf0e3e10a75451fa7ac4cd 2010.0/i586/libpcsclite1-1.5.5-1.1mdv2010.0.i586.rpm
9909eecea315d85cc1a5f22680ccb55b 2010.0/i586/libpcsclite-devel-1.5.5-1.1mdv2010.0.i586.rpm
9d4e979b5245f8f03670571801bc1ee1 2010.0/i586/libpcsclite-static-devel-1.5.5-1.1mdv2010.0.i586.rpm
4293654f2187a51a09e16402665d40bf 2010.0/i586/pcsc-lite-1.5.5-1.1mdv2010.0.i586.rpm
c3ea63013e5cdbc56ebdca3f8305379a 2010.0/SRPMS/pcsc-lite-1.5.5-1.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
cafd52e2470853139baa1a4c92251d8d 2010.0/x86_64/lib64pcsclite1-1.5.5-1.1mdv2010.0.x86_64.rpm
7c27626ea5b0ca2bfcf6a6f44cecd432 2010.0/x86_64/lib64pcsclite-devel-1.5.5-1.1mdv2010.0.x86_64.rpm
f9073247d0152fabc96b147c2b06ca4b
2010.0/x86_64/lib64pcsclite-static-devel-1.5.5-1.1mdv2010.0.x86_64.rpm
c6d768906fb0a1a6025d560f835faf32 2010.0/x86_64/pcsc-lite-1.5.5-1.1mdv2010.0.x86_64.rpm
c3ea63013e5cdbc56ebdca3f8305379a 2010.0/SRPMS/pcsc-lite-1.5.5-1.1mdv2010.0.src.rpm

Mandriva Linux 2010.1:
b590e80c2a64596453c593ee70c5e8e1 2010.1/i586/libpcsclite1-1.5.5-2.1mdv2010.2.i586.rpm
35aedb0f443c5b96faf2cc3f0c9774d0 2010.1/i586/libpcsclite-devel-1.5.5-2.1mdv2010.2.i586.rpm
483ee37eb2ae95fe44649c449028efaa 2010.1/i586/libpcsclite-static-devel-1.5.5-2.1mdv2010.2.i586.rpm
ed00d83148affe361345db65cd29c5db 2010.1/i586/pcsc-lite-1.5.5-2.1mdv2010.2.i586.rpm
a53a46520d0b3f55a5672ae66db13a18 2010.1/SRPMS/pcsc-lite-1.5.5-2.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
b05d60aa1b2fe29a60defe1b06a20a8e 2010.1/x86_64/lib64pcsclite1-1.5.5-2.1mdv2010.2.x86_64.rpm
910af804d47eb0667a420f51410a5d97 2010.1/x86_64/lib64pcsclite-devel-1.5.5-2.1mdv2010.2.x86_64.rpm
6a04a618d0f85e8b4bd0cd59336bd7b9
2010.1/x86_64/lib64pcsclite-static-devel-1.5.5-2.1mdv2010.2.x86_64.rpm
d61120d304cd581e9529b12d68c67e1b 2010.1/x86_64/pcsc-lite-1.5.5-2.1mdv2010.2.x86_64.rpm
a53a46520d0b3f55a5672ae66db13a18 2010.1/SRPMS/pcsc-lite-1.5.5-2.1mdv2010.2.src.rpm

Corporate 4.0:
d198bb12df9768650b8b023cf0682235 corporate/4.0/i586/libpcsclite1-1.3.0-2.2.20060mlcs4.i586.rpm
e4ac5a2b593ef62fae4d2b27f504423c corporate/4.0/i586/libpcsclite1-devel-1.3.0-2.2.20060mlcs4.i586.rpm
c4542e045341899a71b51e2790807be2
corporate/4.0/i586/libpcsclite1-static-devel-1.3.0-2.2.20060mlcs4.i586.rpm
953f7cbed53e20c1e6141593ef682ce8 corporate/4.0/i586/pcsc-lite-1.3.0-2.2.20060mlcs4.i586.rpm
3c6765a9ebd8fd682f2894ded24252d5 corporate/4.0/SRPMS/pcsc-lite-1.3.0-2.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
b614f7ed9446b338baa784ae5f52bd12 corporate/4.0/x86_64/lib64pcsclite1-1.3.0-2.2.20060mlcs4.x86_64.rpm
d0ab4bd7bba3aa12d795ec14b5275255
corporate/4.0/x86_64/lib64pcsclite1-devel-1.3.0-2.2.20060mlcs4.x86_64.rpm
04c4bc08d596259e4353c52d5e933070
corporate/4.0/x86_64/lib64pcsclite1-static-devel-1.3.0-2.2.20060mlcs4.x86_64.rpm
6603ce736b8a876949d4d63a08d56e00 corporate/4.0/x86_64/pcsc-lite-1.3.0-2.2.20060mlcs4.x86_64.rpm
3c6765a9ebd8fd682f2894ded24252d5 corporate/4.0/SRPMS/pcsc-lite-1.3.0-2.2.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
7ed0fa196d040622f207790461b52a43 mes5/i586/libpcsclite1-1.4.102-1.2mdvmes5.1.i586.rpm
f879e7282ab9cc61e84ebd2597499f80 mes5/i586/libpcsclite-devel-1.4.102-1.2mdvmes5.1.i586.rpm
73554d61bc2ab9cb03a150f56a0d6350 mes5/i586/libpcsclite-static-devel-1.4.102-1.2mdvmes5.1.i586.rpm
06579ff154adcd565b9cab0f840754cd mes5/i586/pcsc-lite-1.4.102-1.2mdvmes5.1.i586.rpm
5cc332351f3350333e0e0f38b9a45771 mes5/SRPMS/pcsc-lite-1.4.102-1.2mdvmes5.1.src.rpm

Mandriva Enterprise Server 5/X86_64:
cfa52291779d9196a52d29010705d8d7 mes5/x86_64/lib64pcsclite1-1.4.102-1.2mdvmes5.1.x86_64.rpm
081a1250e01700a76a9a671a633b7c11 mes5/x86_64/lib64pcsclite-devel-1.4.102-1.2mdvmes5.1.x86_64.rpm
480be64c067ac9a4db1cf17fc83da674
mes5/x86_64/lib64pcsclite-static-devel-1.4.102-1.2mdvmes5.1.x86_64.rpm
ddefa78d3c632d33aa5521192bcc53ca mes5/x86_64/pcsc-lite-1.4.102-1.2mdvmes5.1.x86_64.rpm
5cc332351f3350333e0e0f38b9a45771 mes5/SRPMS/pcsc-lite-1.4.102-1.2mdvmes5.1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD4DBQFNOH7FmqjQ0CJFipgRAq9/AKCDh6iIaGpAJk79DRyL4F33leMQIwCVFQ46
S0gtdmrSQ8PhtZNCI85Y1g==
=yOk5
-----END PGP SIGNATURE-----

Related

fedora 2
veracode 1
nessus 14
openvas 15
prion 1
ubuntu 1
gentoo 1
debiancve 1
debian 1
oraclelinux 1
redhat 1
centos 1
ubuntucve 1
cve 1
securityvulns 1
fedora
fedora
[SECURITY] Fedora 14 Update: pcsc-lite-1.6.4-3.fc14
2011-01-13 23:35:38
[SECURITY] Fedora 13 Update: pcsc-lite-1.5.5-5.fc13
2011-01-13 23:38:23
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:57:49
nessus
nessus
Fedora 14 : pcsc-lite-1.6.4-3.fc14 (2011-0164)
2011-01-14 00:00:00
RHEL 6 : pcsc-lite (RHSA-2013:0525)
2013-02-21 00:00:00
Oracle Linux 6 : pcsc-lite (ELSA-2013-0525)
2013-07-12 00:00:00
openvas
openvas
Fedora Update for pcsc-lite FEDORA-2011-0123
2011-01-14 00:00:00
Fedora Update for pcsc-lite FEDORA-2011-0123
2011-01-14 00:00:00
Mandriva Update for pcsc-lite MDVSA-2011:015 (pcsc-lite)
2011-01-21 00:00:00
prion
prion
Stack overflow
2011-01-18 18:03:00
ubuntu
ubuntu
PCSC-Lite vulnerability
2011-04-27 00:00:00
gentoo
gentoo
PCSC-Lite: Arbitrary code execution
2014-01-21 00:00:00
debiancve
debiancve
CVE-2010-4531
2011-01-18 18:03:00
debian
debian
[SECURITY] [DSA-2156-1] pcscd security update
2011-01-31 11:22:24
oraclelinux
oraclelinux
pcsc-lite security and bug fix update
2013-02-22 00:00:00
redhat
redhat
(RHSA-2013:0525) Moderate: pcsc-lite security and bug fix update
2013-02-21 00:00:00
centos
centos
pcsc security update
2013-02-27 19:37:16
ubuntucve
ubuntucve
CVE-2010-4531
2011-01-18 00:00:00
cve
cve
CVE-2010-4531
2011-01-18 18:03:00
securityvulns
securityvulns
OpenSC / PCSC-Lite library buffer overflow
2011-01-24 00:00:00
JSON
Related for SECURITYVULNS:DOC:25533
fedora2veracode1nessus14openvas15prion1ubuntu1gentoo1debiancve1debian1oraclelinux1redhat1centos1ubuntucve1cve1securityvulns1