4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
43.5%
Chip/Smart Card Interface Devices (CCID) is a USB smart card reader
standard followed by most modern smart card readers. The ccid package
provides a Generic, USB-based CCID driver for readers, which follow this
standard.
An integer overflow, leading to an array index error, was found in the way
the CCID driver processed a smart card’s serial number. A local attacker
could use this flaw to execute arbitrary code with the privileges of the
user running the PC/SC Lite pcscd daemon (root, by default), by inserting a
specially-crafted smart card. (CVE-2010-4530)
This update also fixes the following bug:
All ccid users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | i386 | ccid-debuginfo | < 1.3.8-2.el5 | ccid-debuginfo-1.3.8-2.el5.i386.rpm |
RedHat | 5 | ia64 | ccid-debuginfo | < 1.3.8-2.el5 | ccid-debuginfo-1.3.8-2.el5.ia64.rpm |
RedHat | 5 | ia64 | ccid | < 1.3.8-2.el5 | ccid-1.3.8-2.el5.ia64.rpm |
RedHat | 5 | i386 | ccid | < 1.3.8-2.el5 | ccid-1.3.8-2.el5.i386.rpm |
RedHat | 5 | x86_64 | ccid-debuginfo | < 1.3.8-2.el5 | ccid-debuginfo-1.3.8-2.el5.x86_64.rpm |
RedHat | 5 | src | ccid | < 1.3.8-2.el5 | ccid-1.3.8-2.el5.src.rpm |
RedHat | 5 | ppc | ccid | < 1.3.8-2.el5 | ccid-1.3.8-2.el5.ppc.rpm |
RedHat | 5 | x86_64 | ccid | < 1.3.8-2.el5 | ccid-1.3.8-2.el5.x86_64.rpm |
RedHat | 5 | ppc | ccid-debuginfo | < 1.3.8-2.el5 | ccid-debuginfo-1.3.8-2.el5.ppc.rpm |