BugTraq
[USN-1125-1] PCSC-Lite vulnerability Apr 27 2011 08:42PM
Marc Deslauriers (marc deslauriers canonical com)
========================================================================
==
Ubuntu Security Notice USN-1125-1
April 27, 2011

pcsc-lite vulnerability
========================================================================
==

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10

Summary:

PCSC-Lite could be made to crash or run programs if it accessed a special
smart card.

Software Description:
- pcsc-lite: Middleware to access a smart card using PC/SC (development files)

Details:

Rafael Dominguez Vega discovered that PCSC-Lite incorrectly handled smart
cards with malformed ATR messages. An attacker having physical access
could exploit this with a special smart card and cause a denial of service
or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.10:
libpcsclite1 1.5.5-3ubuntu2.1

Ubuntu 10.04 LTS:
libpcsclite1 1.5.3-1ubuntu4.2

Ubuntu 9.10:
libpcsclite1 1.5.3-1ubuntu1.2

After a standard system update you need to restart smart card applications
to make all the necessary changes.

References:
CVE-2010-4531

Package Information:
https://launchpad.net/ubuntu/+source/pcsc-lite/1.5.5-3ubuntu2.1
https://launchpad.net/ubuntu/+source/pcsc-lite/1.5.3-1ubuntu4.2
https://launchpad.net/ubuntu/+source/pcsc-lite/1.5.3-1ubuntu1.2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJNuH+dAAoJEGVp2FWnRL6T4TYP/A3rQIMctblGAsrbC4gAu0Sz
dhStq941aPNh7On81wyhiaDvYWGXRmwq7bHBH4TROE10ibm+4i6oUsKgTZu7AX7J
+AArbJgQMpDJZwW7obL2I/PzmODxRiuq0gZJvGyXsC5u+hXtlqv8DYfWMJDlXweq
UpU3gBpWhj1r7jJbKjrlj/sIoqzmoJs0fObZkVqHOFC+LOjVapsxo5S5y6vxlP0N
onh7VLa2vR0nZaCux6LpMkuh/EtARr3A8Paq3lXrFBrGnjOivnIpZYFHnZmnBkgx
ribmWkDVV/1Li8lDsOgF7QNI3ot+FaOA/qqz0x5IyDQR9/agWPguULegpZnDmN7H
z0EGmVi4g4FRTT9GV2yAkXwULksPvWzkVWcFAnq8RET316i8S7U/Qps0ptXGXpY0
j/OvgUs5/2ehdrhFIIYstkPiB9oLb3dopZluk7yOe3U9pqeevNW2bdqmg9r14elZ
0vXfklzaixbRaTpDfaZb+ebXZCU7TGV+BDotleGUcjGs1GaM76c97jXfc9wCWqIV
C/nL1SzHt+sxEb2c041IvJCQPWg2gfYatUtHSNnxTpXCTXzzZhCDziPJ0/bocfZJ
8mooOxPDfFtfMIvvAvBF9peosYn4/DiGkHaYcUEUsNVrEVTv3ZLF9VRmHwjpMVmh
hAeanqRFtSlNNMWC9909
=Bfdo
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus