[Security] pcsc-lite buffer overflows - CVE-2010-0407

Bug #603657 reported by Brian Thomason
Affects | Status | Importance | Assigned to | Milestone
pcsc-lite (Ubuntu) | Invalid | Undecided | Unassigned |
Dapper | Won't Fix | Undecided | Unassigned |
Hardy | Won't Fix | Undecided | Unassigned |
Jaunty | Fix Released | Undecided | Brian Thomason |
Karmic | Fix Released | Undecided | Kees Cook |
Lucid | Fix Released | Undecided | Kees Cook |
Maverick | Invalid | Undecided | Unassigned |

Bug Description

pcsc-lite in Jaunty is vulnerable to buffer overflows in the Smart Card daemon which can allow local users to gain root privs.

Changed in pcsc-lite (Ubuntu):
status: New → In Progress
assignee: nobody → Brian Thomason (brian-thomason)
Brian Thomason (brian-thomason) wrote :
Jamie Strandboge (jdstrand) wrote :

NAK for jaunty patch. It is not identical to 1.4.102-1+lenny3 (the latest version in Lenny that contains a regression fix).

Please resubmit using the fix in 1.4.102-1+lenny3, resubscribe ubuntu-security-sponsors and set the status to 'NEW' when the changes are complete. Thanks!

Changed in pcsc-lite (Ubuntu Maverick):
status: In Progress → Confirmed
visibility: private → public
Changed in pcsc-lite (Ubuntu Jaunty):
status: New → Incomplete
assignee: nobody → Brian Thomason (brian-thomason)
Changed in pcsc-lite (Ubuntu Maverick):
assignee: Brian Thomason (brian-thomason) → nobody
Brian Thomason (brian-thomason) wrote :
Changed in pcsc-lite (Ubuntu Jaunty):
status: Incomplete → New
Brian Thomason (brian-thomason) wrote :

Good catch Jamie, thanks!

papukaija (papukaija)
tags: added: jaunty maverick patch
Kees Cook (kees)
Changed in pcsc-lite (Ubuntu Dapper):
status: New → Confirmed
Changed in pcsc-lite (Ubuntu Jaunty):
status: New → Confirmed
Changed in pcsc-lite (Ubuntu Lucid):
status: New → Confirmed
Changed in pcsc-lite (Ubuntu Karmic):
status: New → Confirmed
Changed in pcsc-lite (Ubuntu Maverick):
status: Confirmed → Invalid
Changed in pcsc-lite (Ubuntu Hardy):
status: New → Confirmed
Kees Cook (kees) wrote :

Thanks for the patch! I've got this uploaded to the security queue now.

Changed in pcsc-lite (Ubuntu Jaunty):
status: Confirmed → Fix Committed
Changed in pcsc-lite (Ubuntu Karmic):
status: Confirmed → Fix Committed
Changed in pcsc-lite (Ubuntu Lucid):
status: Confirmed → Fix Committed
Changed in pcsc-lite (Ubuntu Karmic):
assignee: nobody → Kees Cook (kees)
Changed in pcsc-lite (Ubuntu Lucid):
assignee: nobody → Kees Cook (kees)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pcsc-lite - 1.5.3-1ubuntu4.1

---------------
pcsc-lite (1.5.3-1ubuntu4.1) lucid-security; urgency=low

  * SECURITY UPDATE: fix buffer overflows (LP: #603657)
    - modified src/winscard_svc.c: Fix buffer overflows which allow local
      users to gain privileges via crafted message data, which is
      improperly demarshalled. Patch provided by Debian in Lenny (DSA-2059-1)
      and Brian Thomason.
    - CVE-2010-0407
 -- Kees Cook <email address hidden> Tue, 27 Jul 2010 16:19:03 -0700

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pcsc-lite - 1.5.3-1ubuntu1.1

---------------
pcsc-lite (1.5.3-1ubuntu1.1) karmic-security; urgency=low

  * SECURITY UPDATE: fix buffer overflows (LP: #603657)
    - modified src/winscard_svc.c: Fix buffer overflows which allow local
      users to gain privileges via crafted message data, which is
      improperly demarshalled. Patch provided by Debian in Lenny (DSA-2059-1)
      and Brian Thomason.
    - CVE-2010-0407
 -- Kees Cook <email address hidden> Tue, 27 Jul 2010 16:20:27 -0700

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pcsc-lite - 1.4.102-1ubuntu2.1

---------------
pcsc-lite (1.4.102-1ubuntu2.1) jaunty-security; urgency=low

  * SECURITY UPDATE: fix buffer overflows (LP: #603657)
  - modified src/winscard_svc.c: Fix buffer overflows which allow local users to
     gain privileges via crafted message data, which is improperly
     demarshalled. Patch provided by Debian in Lenny. (DSA-2059-1)
  - CVE-2010-0407
 -- Brian Thomason <email address hidden> Fri, 09 Jul 2010 12:05:26 -0400

Changed in pcsc-lite (Ubuntu Jaunty):
status: Fix Committed → Fix Released
Changed in pcsc-lite (Ubuntu Karmic):
status: Fix Committed → Fix Released
Changed in pcsc-lite (Ubuntu Lucid):
status: Fix Committed → Fix Released
Jamie Strandboge (jdstrand) wrote :

Dapper universe is generally no longer actively supported (excepting server packages in main). If someone wants to create a patch and test it for Dapper, please attach and mark the Dapper task as Confirmed. Marking Won't Fix for now.

Changed in pcsc-lite (Ubuntu Dapper):
status: Confirmed → Won't Fix
Jamie Strandboge (jdstrand) wrote :

Unsubscribing ubuntu-security-sponsors as there is no patch available for Hardy.

Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug and helping to make Ubuntu better. The package referred to in this bug is in universe or multiverse and reported against a release of Ubuntu (hardy) which no longer receives updates outside of the explicitly supported LTS packages. While the bug against hardy is being marked "Won't Fix" for now, if you are interested feel free to post a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Please feel free to report any other bugs you may find.

Changed in pcsc-lite (Ubuntu Hardy):
status: Confirmed → Won't Fix
This report contains Public Security information  
Everyone can see this security related information.
