PT-2010-1705 · Muscle · Pcsc-Lite
Vincent Danen
·
Published
2010-06-18
·
Updated
2010-08-12
·
CVE-2009-4902
CVSS v2.0
6.8
Medium
| Vector | AV:L/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
MUSCLE PCSC-Lite versions 1.5.4 and earlier
Description
A buffer overflow issue exists in the MSGFunctionDemarshall function in winscard svc.c, which is part of the PC/SC Smart Card daemon. This could allow local users to gain privileges by sending crafted SCARD CONTROL message data that is not properly demarshalled.
Recommendations
For MUSCLE PCSC-Lite versions 1.5.4 and earlier, consider restricting access to the MSGFunctionDemarshall function until a proper fix is applied. As a temporary workaround, avoid using the SCARD CONTROL message with crafted data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pcsc-Lite