ccid: arbitrary code execution
|Created:||January 14, 2011||Updated:||February 3, 2011|
|Description:||From the Red Hat bugzilla:|
An integer overflow, leading to array index error was found
in the way USB CCID (Chip/Smart Card Interface Devices) driver
processed certain values of card serial number. A local attacker
could use this flaw to execute arbitrary code, with the privileges
of the user running the pcscd daemon, via a malicious smart card
with specially-crafted value of its serial number, inserted to
the system USB port.
The description of the problem is not exact. The problem is present in file
ccid/src/ccid_serial.cand only impacts the GemPC Twin connected to a serial port.
The bug was fixed on 5th November 2010 in revisions 5381 and 5382, more than a month before MWR published a InfoSecurity Security Advisory PCSC-Lite: libccid Buffer Overflow on 13th December 2010.
Debian 6.0 was released just yesterday. The libccid package in this version contains the fix. Debian did not released a Debian Security Advisory because the bug is minor.