Test ID: | 1.3.6.1.4.1.25623.1.0.881636 |
Category: | CentOS Local Security Checks |
Title: | CentOS Update for ccid CESA-2013:0523 centos6 |
Summary: | The remote host is missing an update for the 'ccid' package(s) announced via the referenced advisory. |
Description: |

Summary: The remote host is missing an update for the 'ccid' package(s) announced via the referenced advisory.

Vulnerability Insight: Chip/Smart Card Interface Devices (CCID) is a USB smart card reader standard followed by most modern smart card readers. The ccid package provides a Generic, USB-based CCID driver for readers, which follow this standard.

An integer overflow, leading to an array index error, was found in the way the CCID driver processed a smart card's serial number. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the PC/SC Lite pcscd daemon (root, by default), by inserting a specially-crafted smart card. (CVE-2010-4530)

This update also fixes the following bug:

* Previously, CCID only recognized smart cards with 5V power supply. With this update, CCID also supports smart cards with different power supply. (BZ#808115)

All users of ccid are advised to upgrade to this updated package, which contains backported patches to correct these issues.

Affected Software/OS: ccid on CentOS 6

Solution: Please install the updated packages.

CVSS Score: 4.4

CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-4530

* 45806: http://www.securityfocus.com/bid/45806
* ADV-2011-0100: http://www.vupen.com/english/advisories/2011/0100
* ADV-2011-0179: http://www.vupen.com/english/advisories/2011/0179
* FEDORA-2011-0143: http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053097.html
* FEDORA-2011-0162: http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053076.html
* MDVSA-2011:014: http://www.mandriva.com/security/advisories?name=MDVSA-2011:014
* RHSA-2013:1323: http://rhn.redhat.com/errata/RHSA-2013-1323.html
* [oss-security] 20101222 CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]: http://www.openwall.com/lists/oss-security/2010/12/22/7
* [oss-security] 20110103 Re: CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]: http://www.openwall.com/lists/oss-security/2011/01/03/3
* http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
* http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf
* https://bugzilla.redhat.com/show_bug.cgi?id=664986
* pcsclite-ccid-code-execution(64961): https://exchange.xforce.ibmcloud.com/vulnerabilities/64961
Copyright | Copyright (C) 2013 Greenbone AG |