pcsc-lite-1.4.4-4.0.1.AXS3
エラータID: AXSA:2010-386:03
リリース日:
2010/07/20 Tuesday - 13:14
題名:
pcsc-lite-1.4.4-4.0.1.AXS3
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- PC/SC スマートカードデーモン (PCSCD) の MSGFunctionDemarshall 関数には, 巧妙に細工された SCARD_SET_ATTRIB メッセージデータによって, ローカルユーザがサービス拒否 (デーモンのクラッシュ) を引き起こす脆弱性があります。(CVE-2009-4901)
- PC/SC スマートカードデーモン (PCSCD) の MSGFunctionDemarshall 関数には, 巧妙に細工されたメッセージデータによって, ローカルのユーザが権限を得る脆弱性があります。 (CVE-2010-0407)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2009-4901
The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.
The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.
CVE-2010-0407
Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.
Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.
追加情報:
N/A
ダウンロード:
SRPMS
- pcsc-lite-1.4.4-4.0.1.AXS3.src.rpm
MD5: 3a38fd551f05457895ed461022c193ad
SHA-256: be784316c2c65585821982bcbea62bff6dd05384519fbbf54592b31f0c3fe5f5
Size: 623.11 kB
Asianux Server 3 for x86
- pcsc-lite-1.4.4-4.0.1.AXS3.i386.rpm
MD5: c140b3f89c4896e29f80a3eec4a0fe03
SHA-256: f9cca927729c15a55706903245f28bbe36205f3a339bf215badd8e4fe07619a0
Size: 124.23 kB - pcsc-lite-devel-1.4.4-4.0.1.AXS3.i386.rpm
MD5: 4f7ec94f7c2071bbb20620feb07ea0e0
SHA-256: 071e10bf7b7dc801bc84c508e87df393ad055fb5369d6a05d35679532fdf1422
Size: 16.10 kB - pcsc-lite-libs-1.4.4-4.0.1.AXS3.i386.rpm
MD5: 5409b20958351c9f047f35322b883618
SHA-256: 74e09d6f90ce2df70b66a6765534f2001f4afba8ef7248d0909cecd28361ccea
Size: 23.66 kB
Asianux Server 3 for x86_64
- pcsc-lite-1.4.4-4.0.1.AXS3.x86_64.rpm
MD5: 3e472da40c1c26571ae6ce55f394aa83
SHA-256: 0262f6e4ac0e37e8e368c0d0e9b5adb370ac8fdcf14445ef2b0e5d1211a6e50e
Size: 126.19 kB - pcsc-lite-devel-1.4.4-4.0.1.AXS3.x86_64.rpm
MD5: d7f7af1b3f1f10ecdb03765238986db4
SHA-256: 223ea622ab1e2336b4a76256da7b34901481b88de8d0f0038e57d6a10ab671eb
Size: 16.07 kB - pcsc-lite-libs-1.4.4-4.0.1.AXS3.x86_64.rpm
MD5: 0f35026e2caa3e1c9fd74f856cc7cbba
SHA-256: d1c53fdf6ebd81d55e9cc276647c57ef353a3fdc7e5924088137475f3a8b02be
Size: 23.99 kB