
Test ID: 1.3.6.1.4.1.25623.1.0.68854
Category: Mandrake Local Security Checks
Title: Mandriva Security Advisory MDVSA-2011:015 (pcsc-lite)
Summary: NOSUMMARY
Description:
The remote host is missing an update to pcsc-lite
announced via advisory MDVSA-2011:015.

A vulnerability has been found and corrected in pcsc-lite:

Stack-based buffer overflow in the ATRDecodeAtr function in the
Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite
1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically
proximate attackers to cause a denial of service (crash) and possibly
execute arbitrary code via a smart card with an ATR message containing
a long attribute value (CVE-2010-4531).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:015

Risk factor : Medium

CVSS Score: 4.4

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-4531
42912: http://secunia.com/advisories/42912
43112: http://secunia.com/advisories/43112
45450: http://www.securityfocus.com/bid/45450
ADV-2010-3264: http://www.vupen.com/english/advisories/2010/3264
ADV-2011-0101: http://www.vupen.com/english/advisories/2011/0101
ADV-2011-0180: http://www.vupen.com/english/advisories/2011/0180
ADV-2011-0256: http://www.vupen.com/english/advisories/2011/0256
DSA-2156: http://www.debian.org/security/2011/dsa-2156
FEDORA-2011-0123: http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053095.html
FEDORA-2011-0164: http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053079.html
MDVSA-2011:015: http://www.mandriva.com/security/advisories?name=MDVSA-2011:015
[Pcsclite-cvs-commit] 20101103 r5370 - /trunk/PCSC/src/atrhandler.c: http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html
[oss-security] 20101222 CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]: http://www.openwall.com/lists/oss-security/2010/12/22/7
[oss-security] 20110103 Re: CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]: http://www.openwall.com/lists/oss-security/2011/01/03/3
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4531
Copyright: Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com
