33 matches found
ALBA-2021:3049 pcsc-lite bug fix and enhancement update
PC/SC Lite provides a Windows SCard compatible interface for communicating with smart cards, smart card readers, and other security tokens. Bug Fixes: Increase global reader array size to 48 to address issue with RHCS secure channel creation BZ1972569 Increase global reader array size to 48 to...
pcsc-lite bug fix and enhancement update
PC/SC Lite provides a Windows SCard compatible interface for communicating with smart cards, smart card readers, and other security tokens. Bug Fixes: Increase global reader array size to 48 to address issue with RHCS secure channel creation BZ1972569 Increase global reader array size to 48 to...
Buffer Overflows
PC/SC Lite is vulnerable to buffer overflow in the way the pcscd daemon. It is due to a resource manager that coordinates communications with smart card readers and smart cards connected to the system, handled client requests. A local user could create a specially-crafted request that would cause...
Denial Of Service (DoS)
PC/SC Lite is vulnerable to Denial Of Service DoS.It is possible due to the way the pcscd daemon coordinates communications with smart card readers and smart cards connected to the system, handled client requests. A local user could create a specially-crafted request that would cause the pcscd...
[SECURITY] Fedora 29 Update: pcsc-lite-1.8.25-1.fc29
The purpose of PC/SC Lite is to provide a WindowsR SCard interface in a very small form factor for communicating to smartcards and readers. PC/SC Lite uses the same winscard API as used under WindowsR. This package includes the PC/SC Lite daemon, a resource manager that coordinates communications...
JVN#16136413: Installers of Sony PaSoRi related software may insecurely load Dynamic Link Libraries
PaSoRi provided by Sony Corporation is contactless IC card reader/writer. Installers of PaSoRi driver and other related software for Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with t...
THC-SmartBrute - Finds undocumented and secret commands implemented in a smartcard
This tool finds undocumented and secret commands implemented in a smartcard. An instruction is divided into Class CLA, Instruction-Number INS and the parameters or arguments P1, P2, P3. THC-SMARTBRUTE iterates through all the possible values of CLA and INS to find a valid combination. Furthermore...
Scientific Linux Security Update : ccid on SL5.x i386/x86_64 (20130930)
An integer overflow, leading to an array index error, was found in the way the CCID driver processed a smart card's serial number. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the PC/SC Lite pcscd daemon root, by default, by inserting a...
Scientific Linux Security Update : ccid on SL6.x i386/x86_64 (20130221)
An integer overflow, leading to an array index error, was found in the way the CCID driver processed a smart card's serial number. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the PC/SC Lite pcscd daemon root, by default, by inserting a...
ccid security update
CentOS Errata and Security Advisory CESA-2013:0523 An updated ccid package that fixes one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS...
RedHat Update for ccid RHSA-2013:0523-02
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Low: Red Hat Security Advisory: ccid security and bug fix update
An updated ccid package that fixes one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...
[SECURITY] Fedora 14 Update: pcsc-lite-1.6.4-3.fc14
The purpose of PC/SC Lite is to provide a WindowsR SCard interface in a very small form factor for communicating to smartcards and readers. PC/SC Lite uses the same winscard API as used under WindowsR. This package includes the PC/SC Lite daemon, a resource manager that coordinates communications...
Mandriva Linux Security Advisory : pcsc-lite (MDVSA-2010:189)
Multiple vulnerabilities has been found and corrected in pcsc-lite : The MSGFunctionDemarshall function in winscardsvc.c in the PC/SC Smart Card daemon aka PCSCD in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service daemon crash via crafted SCARDSETATTRIB message...
Ubuntu 9.04 / 9.10 / 10.04 LTS : pcsc-lite vulnerability (USN-969-1)
It was discovered that the PC/SC service did not correctly handle malformed messages. A local attacker could exploit this to execute arbitrary code with root privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory...
pcsc security update
CentOS Errata and Security Advisory CESA-2010:0533 Updated pcsc-lite packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS...
Moderate: Red Hat Security Advisory: pcsc-lite security update
Updated pcsc-lite packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...
CVE-2009-4902
Buffer overflow in the MSGFunctionDemarshall function in winscardsvc.c in the PC/SC Smart Card daemon aka PCSCD in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARDCONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists...
CVE-2010-0407
Multiple buffer overflows in the MSGFunctionDemarshall function in winscardsvc.c in the PC/SC Smart Card daemon aka PCSCD in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled...
Buffer overflow
Buffer overflow in the MSGFunctionDemarshall function in winscardsvc.c in the PC/SC Smart Card daemon aka PCSCD in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARDCONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists...