Rapid7 Vulnerability & Exploit Database

RHSA-2010:0533: pcsc-lite security update

Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 06/18/2010
Created: 07/25/2018
Added: 07/16/2010
Modified: 07/04/2017

Description

PC/SC Lite provides a Windows SCard compatible interface for communicating with smart cards, smart card readers, and other security tokens.

Multiple buffer overflow flaws were discovered in the way the pcscd daemon, a resource manager that coordinates communications with smart card readers and smart cards connected to the system, handled client requests. A local user could create a specially-crafted request that would cause the pcscd daemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407, CVE-2009-4901)

Users of pcsc-lite should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing this update, the pcscd daemon will be restarted automatically.

Solution(s)

  • redhat-upgrade-pcsc-lite
  • redhat-upgrade-pcsc-lite-devel
  • redhat-upgrade-pcsc-lite-doc
  • redhat-upgrade-pcsc-lite-libs
