Lucene search

K

Veracode Vulnerability DatabaseVERACODE:11161

HistoryJan 15, 2019 - 8:57 a.m.

Denial Of Service (DoS)

2019-01-1508:57:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

2

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

pcsc-lite is vulnerable to denial of service (DoS) attacks. The vulnerability exists as Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value.

CPENameOperatorVersion
pcsc-liteeq1.5.2__6.el6
pcsc-liteeq1.5.2__8.el6_3
pcsc-liteeq1.5.2__7.el6
pcsc-liteeq1.5.2__6.el6
pcsc-liteeq1.5.2__8.el6_3
pcsc-liteeq1.5.2__7.el6

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781

labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf

lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html

lists.fedoraproject.org/pipermail/package-announce/2011-January/053079.html

lists.fedoraproject.org/pipermail/package-announce/2011-January/053095.html

secunia.com/advisories/42912

secunia.com/advisories/43112

www.debian.org/security/2011/dsa-2156

www.mandriva.com/security/advisories?name=MDVSA-2011:015

www.openwall.com/lists/oss-security/2010/12/22/7

www.openwall.com/lists/oss-security/2011/01/03/3

www.securityfocus.com/bid/45450

www.vupen.com/english/advisories/2010/3264

www.vupen.com/english/advisories/2011/0101

www.vupen.com/english/advisories/2011/0180

www.vupen.com/english/advisories/2011/0256

access.redhat.com/errata/RHSA-2013:0525

access.redhat.com/security/cve/CVE-2010-4531

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=664999

bugzilla.redhat.com/show_bug.cgi?id=834803

bugzilla.redhat.com/show_bug.cgi?id=891852

bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4531

rhn.redhat.com/errata/RHSA-2013-0525.html

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

Related for VERACODE:11161

fedora2 openvas15 nessus14 prion1 ubuntu1 gentoo1 debian1 debiancve1 oraclelinux1 securityvulns2 cvelist1 redhat1 cve1 ubuntucve1 centos1