CVE-2009-4902

Related Files

Mandriva Linux Security Advisory 2010-189

Posted Sep 25, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-189 - The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407. Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted this vulnerability exists because of an incorrect fix for CVE-2010-0407. Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.

tags | advisory, denial of service, overflow, local

systems | linux, mandriva

advisories | CVE-2009-4901, CVE-2009-4902, CVE-2010-0407

SHA-256 | 2f8bbfdd4f68ed4d335eebb86ecc09a0183390aee25c78b23f4ded8e62fd47af

Download | Favorite | View

Mandriva Linux Security Advisory 2010-189

Posted Sep 25, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-189 - The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407. Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted this vulnerability exists because of an incorrect fix for CVE-2010-0407. Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.

tags | advisory, denial of service, overflow, local

systems | linux, mandriva

advisories | CVE-2009-4901, CVE-2009-4902, CVE-2010-0407

SHA-256 | ca04b9d82ecaa1a57c63c9c0250bdc8f52c49227e19296782cb07fa29de4139f

Download | Favorite | View

Ubuntu Security Notice 969-1

Posted Aug 6, 2010

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 969-1 - It was discovered that the PC/SC service did not correctly handle malformed messages. A local attacker could exploit this to execute arbitrary code with root privileges.

tags | advisory, arbitrary, local, root

systems | linux, ubuntu

advisories | CVE-2009-4901, CVE-2009-4902, CVE-2010-0407

SHA-256 | 7811f87951b4936291b4ef97a6c80e9a730967846266aa52690d1e839a0dc730

Download | Favorite | View