Upstream information

CVE-2009-4901 at MITRE

Description

The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 2.1
Vector AV:L/AC:L/Au:N/C:N/I:N/A:P
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entries: 609317 [RESOLVED / FIXED], 629026 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.2
  • libpcsclite1-debuginfo >= 1.5.5-2.2.1
  • libpcsclite1-debuginfo-32bit >= 1.5.5-2.2.1
  • pcsc-lite-debuginfo >= 1.5.5-2.2.1
  • pcsc-lite-debugsource >= 1.5.5-2.2.1
openSUSE 11.2
  • libpcsclite1 >= 1.5.5-2.2.1
  • libpcsclite1-32bit >= 1.5.5-2.2.1
  • pcsc-lite >= 1.5.5-2.2.1
  • pcsc-lite-devel >= 1.5.5-2.2.1
openSUSE 11.3
  • libpcsclite1-debuginfo >= 1.5.5-7.1.1
  • libpcsclite1-debuginfo-32bit >= 1.5.5-7.1.1
  • pcsc-lite-debuginfo >= 1.5.5-7.1.1
  • pcsc-lite-debugsource >= 1.5.5-7.1.1
openSUSE 11.3
  • libpcsclite1 >= 1.5.5-7.1.1
  • libpcsclite1-32bit >= 1.5.5-7.1.1
  • pcsc-lite >= 1.5.5-7.1.1
  • pcsc-lite-devel >= 1.5.5-7.1.1