 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.68035 |
| Category: | Mandrake Local Security Checks |
| Title: | Mandriva Security Advisory MDVSA-2010:189-1 (pcsc-lite) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to pcsc-lite announced via advisory MDVSA-2010:189-1. Multiple vulnerabilities has been found and corrected in pcsc-lite: The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407 (CVE-2009-4901). Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407 (CVE-2009-4902). Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled (CVE-2010-0407). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. Update: The previous MDVSA-2010:189 advisory was missing the packages for CS4, this advisory corrects the problem. Affected: Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:189-1 Risk factor : High CVSS Score: 6.8 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-0407 BugTraq ID: 40758 http://www.securityfocus.com/bid/40758 Debian Security Information: DSA-2059 (Google Search) http://www.debian.org/security/2010/dsa-2059 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html http://secunia.com/advisories/40140 http://secunia.com/advisories/40239 SuSE Security Announcement: SUSE-SR:2010:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://www.vupen.com/english/advisories/2010/1427 http://www.vupen.com/english/advisories/2010/1508 Common Vulnerability Exposure (CVE) ID: CVE-2009-4901 Common Vulnerability Exposure (CVE) ID: CVE-2009-4902 |
| Copyright | Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |