Test ID:	1.3.6.1.4.1.25623.1.0.68854
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2011:015 (pcsc-lite)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to pcsc-lite announced via advisory MDVSA-2011:015. A vulnerability has been found and corrected in pcsc-lite: Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value (CVE-2010-4531). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:015 Risk factor : Medium CVSS Score: 4.4
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4531 42912 http://secunia.com/advisories/42912 43112 http://secunia.com/advisories/43112 45450 http://www.securityfocus.com/bid/45450 ADV-2010-3264 http://www.vupen.com/english/advisories/2010/3264 ADV-2011-0101 http://www.vupen.com/english/advisories/2011/0101 ADV-2011-0180 http://www.vupen.com/english/advisories/2011/0180 ADV-2011-0256 http://www.vupen.com/english/advisories/2011/0256 DSA-2156 http://www.debian.org/security/2011/dsa-2156 FEDORA-2011-0123 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053095.html FEDORA-2011-0164 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053079.html MDVSA-2011:015 http://www.mandriva.com/security/advisories?name=MDVSA-2011:015 [Pcsclite-cvs-commit] 20101103 r5370 - /trunk/PCSC/src/atrhandler.c http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html [oss-security] 20101222 CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ] http://www.openwall.com/lists/oss-security/2010/12/22/7 [oss-security] 20110103 Re: CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ] http://www.openwall.com/lists/oss-security/2011/01/03/3 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781 http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4531
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.