Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 3 Jan 2011 13:47:20 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Robert Relyea <rrelyea@...hat.com>,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request -- 1, ccid -- int.overflow leading
 to array index error 2, pcsc-lite stack-based buffer overflow in ATR
 decoder [was: CVE request: opensc buffer overflow ]



----- Original Message -----
> Hello Josh, Steve, vendors,
> 
> Rafael Dominguez Vega of MWR InfoSecurity reported two more flaws
> related with smart cards:
> 
> I), CCID: Integer overflow, leading to array index error when
> processing crafted serial number of certain cards
> 
> Description:
> An integer overflow, leading to array index error was found
> in the way USB CCID (Chip/Smart Card Interface Devices) driver
> processed certain values of card serial number. A local attacker
> could use this flaw to execute arbitrary code, with the privileges
> of the user running the pcscd daemon, via a malicious smart card
> with specially-crafted value of its serial number, inserted to
> the system USB port.
> 
> References:
> [1]
> http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf
> [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607780
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=664986
> 
> Upstream changesets:
> [4]
> http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004934.html
> [5]
> http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004935.html

Please use CVE-2010-4530 for the above issue.


> 
> II), pcsc-lite: Stack-based buffer overflow in Answer-to-Reset (ATR)
> decoder
> 
> Description:
> A stack-based buffer overflow flaw was found in the way
> PC/SC Lite smart card framework decoded certain attribute
> values of the Answer-to-Reset (ATR) message, received back
> from the card after connecting. A local attacker could
> use this flaw to execute arbitrary code with the privileges
> of the user running the pcscd daemon, via a malicious smart
> card inserted to the system USB port.
> 
> References:
> [1]
> http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf
> [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781
> [3] http://www.vupen.com/english/advisories/2010/3264
> [4] https://bugzilla.redhat.com/show_bug.cgi?id=664999
> 
> Upstream changeset:
> [5]
> http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html
> 

Please use CVE-2010-4531 for the above issue.

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ