Rapid7 Vulnerability & Exploit Database

SUSE Linux Security Vulnerability: CVE-2009-4902

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE Linux Security Vulnerability: CVE-2009-4902

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

06/18/2010

Created

07/25/2018

Added

02/17/2015

Modified

07/04/2017

Description

Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407.

Solution(s)

suse-upgrade-libpcsclite1
suse-upgrade-libpcsclite1-32bit
suse-upgrade-pcsc-lite
suse-upgrade-pcsc-lite-devel

References

https://attackerkb.com/topics/cve-2009-4902
40758
CVE - 2009-4902
DSA-2059

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

SUSE Linux Security Vulnerability: CVE-2009-4902

SUSE Linux Security Vulnerability: CVE-2009-4902

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Success! Thank you for submission. We will be in touch shortly.

Submit your information and we will get in touch with you.