CVE-2009-4901

The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.

Details Source

Mitre

Public Date

2010-06-10 00:00:00

Impact

Moderate

Bugzilla

CVE-2009-4901 CVE-2009-4902 CVE-2010-0407 pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages

Bugzilla ID

596426

CVSS Status

verified

Base Score

6.20

Base Metrics

AV:L/AC:H/Au:N/C:C/I:C/A:C

Red Hat Security Errata

| Platform | Errata | Release Date |
| --- | --- | --- |
| Red Hat Certificate System 7.3 for 4AS (pcsc-lite) | RHSA-2010:0602 | 2010-08-04 |
| Red Hat Enterprise Linux 5 (pcsc-lite) | RHSA-2010:0533 | 2010-07-14 |

CWE

CWE-228->CWE-119

Affected Packages State

| Platform | Package | State |
| --- | --- | --- |
| Red Hat Enterprise Linux 6 | pcsc-lite | Affected |
| Red Hat Certificate System 7.2 for 4AS | pcsc-lite | Affected |