ID de Prueba:	1.3.6.1.4.1.25623.1.0.831312
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for pcsc-lite MDVSA-2011:015 (pcsc-lite)
Resumen:	The remote host is missing an update for the 'pcsc-lite'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'pcsc-lite' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability has been found and corrected in pcsc-lite: Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value (CVE-2010-4531). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct this issue. Affected Software/OS: pcsc-lite on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 4.4 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4531 42912 http://secunia.com/advisories/42912 43112 http://secunia.com/advisories/43112 45450 http://www.securityfocus.com/bid/45450 ADV-2010-3264 http://www.vupen.com/english/advisories/2010/3264 ADV-2011-0101 http://www.vupen.com/english/advisories/2011/0101 ADV-2011-0180 http://www.vupen.com/english/advisories/2011/0180 ADV-2011-0256 http://www.vupen.com/english/advisories/2011/0256 DSA-2156 http://www.debian.org/security/2011/dsa-2156 FEDORA-2011-0123 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053095.html FEDORA-2011-0164 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053079.html MDVSA-2011:015 http://www.mandriva.com/security/advisories?name=MDVSA-2011:015 [Pcsclite-cvs-commit] 20101103 r5370 - /trunk/PCSC/src/atrhandler.c http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html [oss-security] 20101222 CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ] http://www.openwall.com/lists/oss-security/2010/12/22/7 [oss-security] 20110103 Re: CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ] http://www.openwall.com/lists/oss-security/2011/01/03/3 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781 http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4531
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.