ID de Prueba:	1.3.6.1.4.1.25623.1.0.68739
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:011 (opensc)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to opensc announced via advisory MDVSA-2011:011. A vulnerability has been found and corrected in opensc: Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c (CVE-2010-4523). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:011 Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4523 42658 http://secunia.com/advisories/42658 42807 http://secunia.com/advisories/42807 43068 http://secunia.com/advisories/43068 45435 http://www.securityfocus.com/bid/45435 ADV-2011-0009 http://www.vupen.com/english/advisories/2011/0009 ADV-2011-0109 http://www.vupen.com/english/advisories/2011/0109 ADV-2011-0212 http://www.vupen.com/english/advisories/2011/0212 FEDORA-2010-19192 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052796.html FEDORA-2010-19193 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052777.html MDVSA-2011:011 http://www.mandriva.com/security/advisories?name=MDVSA-2011:011 SUSE-SR:2011:002 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html [oss-security] 20101221 CVE request: opensc buffer overflow http://openwall.com/lists/oss-security/2010/12/21/2 [oss-security] 20101222 Re: CVE request: opensc buffer overflow http://openwall.com/lists/oss-security/2010/12/22/3 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427 http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483 https://bugzilla.redhat.com/show_bug.cgi?id=664831 https://www.opensc-project.org/opensc/changeset/4913
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.