
Test ID: 1.3.6.1.4.1.25623.1.0.68855
Category: Mandrake Local Security Checks
Title: Mandriva Security Advisory MDVSA-2011:014 (ccid)
Summary: NOSUMMARY
Description:
The remote host is missing an update to ccid
announced via advisory MDVSA-2011:014.

A vulnerability has been found and corrected in ccid:

Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card
Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3
and possibly other products, allows physically proximate attackers to
execute arbitrary code via a smart card with a crafted serial number
that causes a negative value to be used in a memcpy operation, which
triggers a buffer overflow. NOTE: some sources refer to this issue
as an integer overflow (CVE-2010-4530).

The updated packages have been patched to correct this issue.

Affected: Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:014

Risk factor : Medium

CVSS Score: 4.4

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-4530
45806
http://www.securityfocus.com/bid/45806
ADV-2011-0100
http://www.vupen.com/english/advisories/2011/0100
ADV-2011-0179
http://www.vupen.com/english/advisories/2011/0179
FEDORA-2011-0143
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053097.html
FEDORA-2011-0162
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053076.html
MDVSA-2011:014
http://www.mandriva.com/security/advisories?name=MDVSA-2011:014
RHSA-2013:1323
http://rhn.redhat.com/errata/RHSA-2013-1323.html
[oss-security] 20101222 CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]
http://www.openwall.com/lists/oss-security/2010/12/22/7
[oss-security] 20110103 Re: CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]
http://www.openwall.com/lists/oss-security/2011/01/03/3
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf
https://bugzilla.redhat.com/show_bug.cgi?id=664986
pcsclite-ccid-code-execution(64961)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64961
Copyright: Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com
