CVE-2009-4902
Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407.
| Software | From | Fixed in |
|---|---|---|
| muscle / pcsc-lite | 1.2.9-beta7 | 1.2.9-beta7.x |
| muscle / pcsc-lite | 1.4.3 | 1.4.3.x |
| muscle / pcsc-lite | 1.2.0-rc2 | 1.2.0-rc2.x |
| muscle / pcsc-lite | 1.3.1 | 1.3.1.x |
| muscle / pcsc-lite | 1.2.9-beta6 | 1.2.9-beta6.x |
| muscle / pcsc-lite | 1.2.9-beta1 | 1.2.9-beta1.x |
| muscle / pcsc-lite | 1.1.2-beta5 | 1.1.2-beta5.x |
| muscle / pcsc-lite | 1.2.9-beta8 | 1.2.9-beta8.x |
| muscle / pcsc-lite | 1.2.9-beta2 | 1.2.9-beta2.x |
| muscle / pcsc-lite | 1.2.9-beta5 | 1.2.9-beta5.x |
| muscle / pcsc-lite | 1.5.1 | 1.5.1.x |
| muscle / pcsc-lite | 1.1.2-beta3 | 1.1.2-beta3.x |
| muscle / pcsc-lite | 1.3.2 | 1.3.2.x |
| muscle / pcsc-lite | 1.4.102 | 1.4.102.x |
| muscle / pcsc-lite | 1.4.100 | 1.4.100.x |
| muscle / pcsc-lite | 1.2.9-beta10 | 1.2.9-beta10.x |
| muscle / pcsc-lite | 1.4.1 | 1.4.1.x |
| muscle / pcsc-lite | 1.3.0 | 1.3.0.x |
| muscle / pcsc-lite | 1.4.101 | 1.4.101.x |
| muscle / pcsc-lite | 1.4.0 | 1.4.0.x |
| muscle / pcsc-lite | 1.2.9-beta3 | 1.2.9-beta3.x |
| muscle / pcsc-lite | 1.2.0-rc3 | 1.2.0-rc3.x |
| muscle / pcsc-lite | - | 1.5.4.x |
| muscle / pcsc-lite | 1.2.0 | 1.2.0.x |
| muscle / pcsc-lite | 1.4.2 | 1.4.2.x |
| muscle / pcsc-lite | 1.1.2-beta2 | 1.1.2-beta2.x |
| muscle / pcsc-lite | 1.4.99 | 1.4.99.x |
| muscle / pcsc-lite | 1.2.9-beta9 | 1.2.9-beta9.x |
| muscle / pcsc-lite | 1.3.3 | 1.3.3.x |
| muscle / pcsc-lite | 1.2.0-rc1 | 1.2.0-rc1.x |
| muscle / pcsc-lite | 1.4.4 | 1.4.4.x |
| muscle / pcsc-lite | 1.2.9-beta4 | 1.2.9-beta4.x |
| muscle / pcsc-lite | 1.5.0 | 1.5.0.x |
| muscle / pcsc-lite | 1.5.2 | 1.5.2.x |
| muscle / pcsc-lite | 1.1.2-beta4 | 1.1.2-beta4.x |
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html
- http://secunia.com/advisories/40140
- http://secunia.com/advisories/40239
- http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4334
- http://www.debian.org/security/2010/dsa-2059
- http://www.securityfocus.com/bid/40758
- http://www.vupen.com/english/advisories/2010/1427
- http://www.vupen.com/english/advisories/2010/1508
- https://bugzilla.redhat.com/show_bug.cgi?id=596426
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime