Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Ubuntu 10.10 USN-1125-1 Moderate: PCSC-Lite Denial of Service

ubuntu
Calendar Grey April 27, 2011
Scroller Ubuntu
The vulnerability in PCSC-Lite has the potential to halt systems or run arbitrary code during smart card access. Check the security update for detailed insights.
PCSC-Lite could be made to crash or run programs if it accessed a special smart card.

Summary

PCSC-Lite could be made to crash or run programs if it accessed a special

smart card.

Software Description:

- pcsc-lite: Middleware to access a smart card using PC/SC (development files)

Details:

Rafael Dominguez Vega discovered that PCSC-Lite incorrectly handled smart

cards with malformed ATR messages. An attacker having physical access

could exploit this with a special smart card and cause a denial of service

or execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.10:
  libpcsclite1                    1.5.5-3ubuntu2.1

Ubuntu 10.04 LTS:
  libpcsclite1                    1.5.3-1ubuntu4.2

Ubuntu 9.10:
  libpcsclite1                    1.5.3-1ubuntu1.2

After a standard system update you need to restart smart card applications
to make all the necessary changes.

References

CVE-2010-4531

Severity
important
Lowest
Low
Medium
High
Critical

April 27, 2011

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.