Mandrake Local Security Checks : Mandriva Update for opensc MDVSA-2011:011 (opensc)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.831310

Categoría: Mandrake Local Security Checks

Título: Mandriva Update for opensc MDVSA-2011:011 (opensc)

Resumen: The remote host is missing an update for the 'opensc'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'opensc'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A vulnerability has been found and corrected in opensc:

Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13
and earlier allow physically proximate attackers to execute arbitrary
code via a long serial-number field on a smart card, related to
(1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c
(CVE-2010-4523).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. The updated packages have been patched to correct this issue.

Affected Software/OS:
opensc on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4523
42658
http://secunia.com/advisories/42658
42807
http://secunia.com/advisories/42807
43068
http://secunia.com/advisories/43068
45435
http://www.securityfocus.com/bid/45435
ADV-2011-0009
http://www.vupen.com/english/advisories/2011/0009
ADV-2011-0109
http://www.vupen.com/english/advisories/2011/0109
ADV-2011-0212
http://www.vupen.com/english/advisories/2011/0212
FEDORA-2010-19192
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052796.html
FEDORA-2010-19193
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052777.html
MDVSA-2011:011
http://www.mandriva.com/security/advisories?name=MDVSA-2011:011
SUSE-SR:2011:002
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
[oss-security] 20101221 CVE request: opensc buffer overflow
http://openwall.com/lists/oss-security/2010/12/21/2
[oss-security] 20101222 Re: CVE request: opensc buffer overflow
http://openwall.com/lists/oss-security/2010/12/22/3
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427
http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf
http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483
https://bugzilla.redhat.com/show_bug.cgi?id=664831
https://www.opensc-project.org/opensc/changeset/4913

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.831310
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for opensc MDVSA-2011:011 (opensc)
Resumen:	The remote host is missing an update for the 'opensc'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'opensc' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability has been found and corrected in opensc: Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c (CVE-2010-4523). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct this issue. Affected Software/OS: opensc on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4523 42658 http://secunia.com/advisories/42658 42807 http://secunia.com/advisories/42807 43068 http://secunia.com/advisories/43068 45435 http://www.securityfocus.com/bid/45435 ADV-2011-0009 http://www.vupen.com/english/advisories/2011/0009 ADV-2011-0109 http://www.vupen.com/english/advisories/2011/0109 ADV-2011-0212 http://www.vupen.com/english/advisories/2011/0212 FEDORA-2010-19192 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052796.html FEDORA-2010-19193 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052777.html MDVSA-2011:011 http://www.mandriva.com/security/advisories?name=MDVSA-2011:011 SUSE-SR:2011:002 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html [oss-security] 20101221 CVE request: opensc buffer overflow http://openwall.com/lists/oss-security/2010/12/21/2 [oss-security] 20101222 Re: CVE request: opensc buffer overflow http://openwall.com/lists/oss-security/2010/12/22/3 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427 http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483 https://bugzilla.redhat.com/show_bug.cgi?id=664831 https://www.opensc-project.org/opensc/changeset/4913
Copyright	Copyright (C) 2011 Greenbone AG