Upstream information

CVE-2009-4902 at MITRE

Description

Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.8
Vector AV:L/AC:L/Au:S/C:C/I:C/A:C
Access Vector Local
Access Complexity Low
Authentication Single
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
SUSE Bugzilla entries: 609317 [RESOLVED / FIXED], 629026 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.2
  • libpcsclite1-debuginfo >= 1.5.5-2.2.1
  • libpcsclite1-debuginfo-32bit >= 1.5.5-2.2.1
  • pcsc-lite-debuginfo >= 1.5.5-2.2.1
  • pcsc-lite-debugsource >= 1.5.5-2.2.1
openSUSE 11.2
  • libpcsclite1 >= 1.5.5-2.2.1
  • libpcsclite1-32bit >= 1.5.5-2.2.1
  • pcsc-lite >= 1.5.5-2.2.1
  • pcsc-lite-devel >= 1.5.5-2.2.1
openSUSE 11.3
  • libpcsclite1-debuginfo >= 1.5.5-7.1.1
  • libpcsclite1-debuginfo-32bit >= 1.5.5-7.1.1
  • pcsc-lite-debuginfo >= 1.5.5-7.1.1
  • pcsc-lite-debugsource >= 1.5.5-7.1.1
openSUSE 11.3
  • libpcsclite1 >= 1.5.5-7.1.1
  • libpcsclite1-32bit >= 1.5.5-7.1.1
  • pcsc-lite >= 1.5.5-7.1.1
  • pcsc-lite-devel >= 1.5.5-7.1.1