Solution
Please Install the Updated Packages.
Insight
PC/SC Lite provides a Windows SCard compatible interface for communicating with smart cards, smart card readers, and other security tokens.
Multiple buffer overflow flaws were discovered in the way the pcscd daemon, a resource manager that coordinates communications with smart card readers and smart cards connected to the system, handled client requests. A local user could create a specially-crafted request that would cause the pcscd daemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407, CVE-2009-4901)
Users of pcsc-lite should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing this update, the pcscd daemon will be restarted automatically.
Affected
pcsc-lite on Red Hat Enterprise Linux (v. 5 server)
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-4901, CVE-2009-4902, CVE-2010-0407 -
CVSS Base Score: 6.8
AV:L/AC:L/Au:S/C:C/I:C/A:C
Related Vulnerabilities