4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
43.4%
Chip/Smart Card Interface Devices (CCID) is a USB smart card reader
standard followed by most modern smart card readers. The ccid package
provides a Generic, USB-based CCID driver for readers, which follow this
standard.
An integer overflow, leading to an array index error, was found in the way
the CCID driver processed a smart card’s serial number. A local attacker
could use this flaw to execute arbitrary code with the privileges of the
user running the PC/SC Lite pcscd daemon (root, by default), by inserting a
specially-crafted smart card. (CVE-2010-4530)
This update also fixes the following bug:
All users of ccid are advised to upgrade to this updated package, which
contains backported patches to correct these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | x86_64 | ccid | < 1.3.9-6.el6 | ccid-1.3.9-6.el6.x86_64.rpm |
RedHat | 6 | i686 | ccid | < 1.3.9-6.el6 | ccid-1.3.9-6.el6.i686.rpm |
RedHat | 6 | src | ccid | < 1.3.9-6.el6 | ccid-1.3.9-6.el6.src.rpm |
RedHat | 6 | ppc64 | ccid-debuginfo | < 1.3.9-6.el6 | ccid-debuginfo-1.3.9-6.el6.ppc64.rpm |
RedHat | 6 | ppc64 | ccid | < 1.3.9-6.el6 | ccid-1.3.9-6.el6.ppc64.rpm |
RedHat | 6 | i686 | ccid-debuginfo | < 1.3.9-6.el6 | ccid-debuginfo-1.3.9-6.el6.i686.rpm |
RedHat | 6 | x86_64 | ccid-debuginfo | < 1.3.9-6.el6 | ccid-debuginfo-1.3.9-6.el6.x86_64.rpm |