CVE-2010-4530

Related Files

Gentoo Linux Security Advisory 201401-16

Posted Jan 21, 2014

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-16 - A vulnerability in CCID could result in execution of arbitrary code. Versions less than 1.4.1-r1 are affected.

tags | advisory, arbitrary

systems | linux, gentoo

advisories | CVE-2010-4530

SHA-256 | 4f0fa5f1896195a50a99d07e9cae6879be76eabf823c0761b9296527c318d03b

Download | Favorite | View

Red Hat Security Advisory 2013-1323-01

Posted Oct 1, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1323-01 - Chip/Smart Card Interface Devices is a USB smart card reader standard followed by most modern smart card readers. The ccid package provides a Generic, USB-based CCID driver for readers, which follow this standard. An integer overflow, leading to an array index error, was found in the way the CCID driver processed a smart card's serial number. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the PC/SC Lite pcscd daemon, by inserting a specially-crafted smart card.

tags | advisory, overflow, arbitrary, local

systems | linux, redhat

advisories | CVE-2010-4530

SHA-256 | 2da3fa4fe75ef1c976d5c6c383db8f8320ad377a63cade41ec75485fe33e2286

Download | Favorite | View

Red Hat Security Advisory 2013-0523-02

Posted Feb 21, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0523-02 - Chip/Smart Card Interface Devices is a USB smart card reader standard followed by most modern smart card readers. The ccid package provides a Generic, USB-based CCID driver for readers, which follow this standard. An integer overflow, leading to an array index error, was found in the way the CCID driver processed a smart card's serial number. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the PC/SC Lite pcscd daemon, by inserting a specially-crafted smart card.

tags | advisory, overflow, arbitrary, local

systems | linux, redhat

advisories | CVE-2010-4530

SHA-256 | be07020b588234f73d83cecb4bcda0a3b7242abbce8063504b00397ae11b7313

Download | Favorite | View

Mandriva Linux Security Advisory 2011-014

Posted Jan 21, 2011

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-014 - Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary

systems | linux, mandriva

advisories | CVE-2010-4530

SHA-256 | 5bd5aad6a4d7b734fa684352a372a8563e83afb7520a4fb5838cb95e77566799

Download | Favorite | View