Arch Linux Security Advisory ASA-201701-12
=========================================
Severity: Medium
Date    : 2017-01-04
CVE-ID  : CVE-2016-10109
Package : pcsclite
Type    : privilege escalation
Remote  : No
Link    : https://security.archlinux.org/AVG-126

Summary
======
The package pcsclite before version 1.8.20-1 is vulnerable to privilege
escalation.

Resolution
=========
Upgrade to 1.8.20-1.

# pacman -Syu "pcsclite>=1.8.20-1"

The problem has been fixed upstream in version 1.8.20.

Workaround
=========
None.

Description
==========
The SCardReleaseContext function normally releases resources associated
with the given handle (including "cardsList") and clients should cease
using this handle. A malicious client can however make the daemon
invoke SCardReleaseContext and continue issuing other commands that use
"cardsList", resulting in a use-after-free. When SCardReleaseContext is
invoked multiple times, it additionally results in a double-free of
"cardsList".
The issue allows a local attacker to cause a denial of service, but can
potentially result in privilege escalation since the daemon is running
as root while any local user can connect to the Unix socket. Fixed by
patch "SCardReleaseContext: prevent use-after-free of cardsList" which
is released with hpcsc-lite 1.8.20 on 30 December 2016.

Impact
=====
A local attacker is able to cause a denial of service or escalate
privileges by sending specially crafted commands to pcscd.

References
=========
https://alioth-lists-archive.debian.net/pipermail/pcsclite-muscle/Week-of-Mon-20161226/000779.html
https://marc.info/;m=148345047107588
https://security.archlinux.org/CVE-2016-10109

ArchLinux: 201701-12: pcsclite: privilege escalation

January 4, 2017

Summary

The SCardReleaseContext function normally releases resources associated with the given handle (including "cardsList") and clients should cease using this handle. A malicious client can however make the daemon invoke SCardReleaseContext and continue issuing other commands that use "cardsList", resulting in a use-after-free. When SCardReleaseContext is invoked multiple times, it additionally results in a double-free of "cardsList". The issue allows a local attacker to cause a denial of service, but can potentially result in privilege escalation since the daemon is running as root while any local user can connect to the Unix socket. Fixed by patch "SCardReleaseContext: prevent use-after-free of cardsList" which is released with hpcsc-lite 1.8.20 on 30 December 2016.

Resolution

Upgrade to 1.8.20-1. # pacman -Syu "pcsclite>=1.8.20-1"
The problem has been fixed upstream in version 1.8.20.

References

https://alioth-lists-archive.debian.net/pipermail/pcsclite-muscle/Week-of-Mon-20161226/000779.html https://marc.info/;m=148345047107588 https://security.archlinux.org/CVE-2016-10109

Severity
Package : pcsclite
Type : privilege escalation
Remote : No
Link : https://security.archlinux.org/AVG-126

Workaround

None.

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved