Gentoo Linux Security Advisory 201401-17 - A vulnerability in PCSC-Lite could result in execution of arbitrary code or Denial of Service. Versions less than 1.6.6 are affected.
d9ebd17c9ea06a31a3f650f7cbeb686c6eca5ea673dc3832bc97cdb7e38dc582Red Hat Security Advisory 2013-0525-02 - PC/SC Lite provides a Windows SCard compatible interface for communicating with smart cards, smart card readers, and other security tokens. A stack-based buffer overflow flaw was found in the way pcsc-lite decoded certain attribute values of Answer-to-Reset messages. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the pcscd daemon, by inserting a specially-crafted smart card.
1acdfdf6fb86eb0d32e327d3148d42360a9310c27d3d44d65b35cdeed54eaa0eUbuntu Security Notice 1125-1 - Rafael Dominguez Vega discovered that PCSC-Lite incorrectly handled smart cards with malformed ATR messages. An attacker having physical access could exploit this with a special smart card and cause a denial of service or execute arbitrary code.
1f6cd6b13084e130b879a99b97190be6e3b43d434e8f2710672c5ef18b87d850Debian Linux Security Advisory 2156-1 - MWR InfoSecurity identified a buffer overflow in pcscd, middleware to access a smart card via PC/SC, which could lead to the execution of arbitrary code.
5b8cb9044947833364e87efc2f6de8d57bd607465ea189d225f46c509369bdd4Mandriva Linux Security Advisory 2011-015 - Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value.
33f548308b4805323bbf19456b5f977a0d2f8ce2608d54d6b298f21d40bc7dec
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed