ccid: arbitrary code execution
Package(s): | ccid | CVE #(s): | CVE-2010-4530 | |||||||||||||||
Created: | January 14, 2011 | Updated: | February 3, 2011 | |||||||||||||||
Description: | From the Red Hat bugzilla: An integer overflow, leading to array index error was found in the way USB CCID (Chip/Smart Card Interface Devices) driver processed certain values of card serial number. A local attacker could use this flaw to execute arbitrary code, with the privileges of the user running the pcscd daemon, via a malicious smart card with specially-crafted value of its serial number, inserted to the system USB port. | |||||||||||||||||
Alerts: |
|
The description of the problem is not exact. The problem is present in file
ccid/src/ccid_serial.c
and only impacts the GemPC Twin connected to a serial port.The bug was fixed on 5th November 2010 in revisions 5381 and 5382, more than a month before MWR published a InfoSecurity Security Advisory PCSC-Lite: libccid Buffer Overflow on 13th December 2010.
Debian 6.0 was released just yesterday. The libccid package in this version contains the fix. Debian did not released a Debian Security Advisory because the bug is minor.