Secunia
Login
|
|
CVE Reference: CVE-2010-4531 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2010-4531 |
|
|
Description: Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value. |
|
|
CVE Status: Candidate |
|
|
References: SAID Secunia Advisory: SA42912 Secunia Advisory: SA43112 MLIST http://www.openwall.com/lists/oss-security/2011/01/03/3 http://www.openwall.com/lists/oss-security/2010/12/22/7 http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html MISC http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2011:015 FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053079.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053095.html DEBIAN http://www.debian.org/security/2011/dsa-2156 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781 BID 45450 |
|
| Return to the previous page. |
