pcsc-lite: Multiple vulnerabilities

Users of pcsc-lite please be advised of a multiple vulnerabilities that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

MDVSA-2010:189-1: MDVSA-2010:189-1 - pcsc-lite

Problem Description: Multiple vulnerabilities has been found and corrected in pcsc-lite: The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407 (CVE-2009-4901). Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407 (CVE-2009-4902). Read more at www.criticalwatch.com

 

See this Amp at http://bit.ly/aNJGWx