CCID: Arbitrary code execution

2014-01-21T00:00:00
ID GLSA-201401-16
Type gentoo
Reporter Gentoo Foundation
Modified 2014-01-21T00:00:00

Description

Background

CCID is a generic USB Chip/Smart Card Interface Devices driver.

Description

CCID contains an integer overflow vulnerability in ccid_serial.c.

Impact

A physically proximate attacker could execute arbitrary code via a smart card with a specially crafted serial number.

Workaround

There is no known workaround at this time.

Resolution

All CCID users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-crypt/ccid-1.4.1-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since January 21, 2011. It is likely that your system is already no longer affected by this issue.