Lucene search

K

Ubuntu.comUB:CVE-2009-4902

HistoryJun 18, 2010 - 12:00 a.m.

CVE-2009-4902

2010-06-1800:00:00

ubuntu.com

ubuntu.com

9

6.8 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in
the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and
earlier might allow local users to gain privileges via crafted
SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2010-0407.

Notes

Author	Note
kees	only exists if CVE-2010-0407 is fixed incorrectly

References

launchpad.net/bugs/cve/CVE-2009-4902

nvd.nist.gov/vuln/detail/CVE-2009-4902

security-tracker.debian.org/tracker/CVE-2009-4902

ubuntu.com/security/notices/USN-969-1

www.cve.org/CVERecord?id=CVE-2009-4902

6.8 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

Related for UB:CVE-2009-4902

cve3 nessus16 prion3 debiancve3 openvas17 ubuntu1 veracode1 securityvulns2 osv1 debian2 ubuntucve2 fedora3 redhat1 oraclelinux1 centos1