Buffer overflow
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
opensc (Debian) | Fix Released | Unknown | |
opensc (Ubuntu) | | Low | Unassigned |
Hardy | | Low | Unassigned |
Karmic | | Low | Unassigned |
Lucid | | Low | Unassigned |
Maverick | | Low | Unassigned |
Natty | | Low | Unassigned |
Bug Description
Binary package hint: opensc
A potential security problem exists at least in Ubuntu 10.04 LTS and was fixed upstream in https:/
Testing: the package was tested on Lucid, no regression was obvious.
Torsten Spindler (tspindler) wrote : | #1 |
Torsten Spindler (tspindler) wrote : | #2 |
Torsten Spindler (tspindler) wrote : | #3 |
I've built a patched package for testing in https:/
A first test of the patched package on a smartcard enabled system was successful.
description: | updated |
Torsten Spindler (tspindler) wrote : | #15 |
tags: | added: patch |
Kees Cook (kees) wrote : | #16 |
FWIW, I think the compiler flags[1] will reduce this vulnerability from being exploitable to only being a denial of service, but additional study would be needed.
Torsten Spindler (tspindler) wrote : | #17 |
Torsten Spindler (tspindler) wrote : | #18 |
security vulnerability: | no → yes |
Changed in opensc (Ubuntu Lucid): | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in opensc (Ubuntu Maverick): | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in opensc (Ubuntu Natty): | |
status: | New → Confirmed |
importance: | Undecided → Low |
Launchpad Janitor (janitor) wrote : | #19 |
This bug was fixed in the package opensc - 0.11.13-1ubuntu4
---------------
opensc (0.11.13-1ubuntu4) natty; urgency=low
* SECURITY UPDATE: specially crafted cards may be able to execute code.
- debian/
- debian/
by rogue cards. (LP: #692483)
-- Torsten Spindler (Canonical) <email address hidden> Tue, 21 Dec 2010 09:50:33 +0100
Changed in opensc (Ubuntu Natty): | |
status: | Confirmed → Fix Released |
Jamie Strandboge (jdstrand) wrote : | #20 |
ACK
Changed in opensc (Ubuntu Lucid): | |
status: | Confirmed → Fix Committed |
Changed in opensc (Ubuntu Maverick): | |
status: | Confirmed → Fix Committed |
Jamie Strandboge (jdstrand) wrote : | #21 |
Thanks for your patches! These look great and I have uploaded them to the security PPA. When they finish building, I will push them to the archive.
Minor nit: with DEP-3 quilt patches you don't need the DEP-3 comments commented out with '##'. Eg, the following is preferred:
Description: Fix buffer overflow
Origin: upstream, https:/
Bug-Ubuntu: https:/
Jamie Strandboge (jdstrand) wrote : | #22 |
Used submittodebian to open http://
Torsten Spindler (tspindler) wrote : | #23 |
Torsten Spindler (tspindler) wrote : | #24 |
Jamie Strandboge (jdstrand) wrote : | #25 |
Torsten, thanks for the patches for the older releases. The karmic debdiff only has template text for the DEP-3 comments, and the hardy debdiff should have the DEP-3 info in the debian/changelog since there isn't a patch system.
Jamie Strandboge (jdstrand) wrote : | #26 |
Also, the hardy debdiff has 'jaunty' instead of 'hardy-security' and uses the wrong version for hardy. It should be 0.11.4-2ubuntu2.1. I'll fix these up in the interest of time.
Changed in opensc (Ubuntu Hardy): | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in opensc (Ubuntu Karmic): | |
status: | New → Confirmed |
importance: | Undecided → Low |
Jamie Strandboge (jdstrand) wrote : | #27 |
Karmic also had the wrong version. In the future, please review https:/
Artur Rona (ari-tczew) wrote : | #28 |
We can use even short URLs in DEP3:
instead of https:/
I really prefer https:/
Regards and thanks for patch.
MOTU SWAT
Jamie Strandboge (jdstrand) wrote : | #29 |
Karmic also had the wrong version. In the future, please review https:/
Changed in opensc (Ubuntu Hardy): | |
status: | Confirmed → Fix Committed |
Changed in opensc (Ubuntu Karmic): | |
status: | Confirmed → Fix Committed |
Launchpad Janitor (janitor) wrote : | #30 |
This bug was fixed in the package opensc - 0.11.13-1ubuntu2.1
---------------
opensc (0.11.13-
* SECURITY UPDATE: specially crafted cards may be able to execute code.
- debian/
- debian/
by rogue cards. (LP: #692483)
-- Torsten Spindler (Canonical) <email address hidden> Mon, 20 Dec 2010 13:51:01 +0100
Launchpad Janitor (janitor) wrote : | #31 |
This bug was fixed in the package opensc - 0.11.12-1ubuntu3.2
---------------
opensc (0.11.12-
* SECURITY UPDATE: specially crafted cards may be able to execute code.
- debian/
- debian/
by rogue cards. (LP: #692483)
-- Torsten Spindler (Canonical) <email address hidden> Mon, 20 Dec 2010 11:00:40 +0100
Launchpad Janitor (janitor) wrote : | #32 |
This bug was fixed in the package opensc - 0.11.8-1ubuntu2.1
---------------
opensc (0.11.8-1ubuntu2.1) karmic-security; urgency=low
* SECURITY UPDATE: specially crafted cards may be able to execute code.
- debian/
- debian/
by rogue cards. (LP: #692483)
-- Torsten Spindler (Canonical) <email address hidden> Tue, 21 Dec 2010 16:12:30 +0100
Launchpad Janitor (janitor) wrote : | #33 |
This bug was fixed in the package opensc - 0.11.4-2ubuntu2.1
---------------
opensc (0.11.4-2ubuntu2.1) hardy-security; urgency=low
* SECURITY UPDATE: specially crafted cards may be able to execute code.
- Move MIN and MAX macros from muscle.c to internal.h
- https:/
- Fix potential buffer overflow by rogue cards. (LP: #692483)
- update card-acos5.c, card-atrust-acos.c and card-starcos.c to use
MIN macros to protect against buffer overflow
- https:/
-- Torsten Spindler (Canonical) <email address hidden> Tue, 21 Dec 2010 16:34:32 +0100
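The changelog entry above describes the fix as using MIN macros so that data copied from a card cannot overrun a host-side buffer. The following is an added example of that pattern, not the OpenSC patch itself: `struct serial`, `SERIAL_MAX`, `store_serial` and `demo_rogue_response` are hypothetical names, and the card response is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local definition for this example. */
#define MIN(x, y) (((x) < (y)) ? (x) : (y))
#define SERIAL_MAX 32 /* hypothetical host-side buffer size */

/* Hypothetical host-side record; not an OpenSC structure. */
struct serial {
    unsigned char value[SERIAL_MAX];
    size_t len;
};

/*
 * Store a serial number returned by the card. resp and resplen come from
 * the card and are untrusted, so the copy is clamped to the destination
 * size. Returns the number of bytes dropped (0 when the response fit), so
 * the caller can log or reject an oversized response.
 */
size_t store_serial(struct serial *out, const unsigned char *resp, size_t resplen)
{
    size_t n = MIN(resplen, sizeof(out->value));

    memcpy(out->value, resp, n);
    out->len = n;
    return resplen - n;
}

/* Feed a constructed 200-byte response into the 32-byte buffer and check
 * that the memory placed after it is untouched. Returns bytes dropped,
 * or (size_t)-1 if the canary was overwritten. */
size_t demo_rogue_response(void)
{
    unsigned char resp[200]; /* constructed oversized card response */
    struct { struct serial s; unsigned char canary[8]; } host;
    size_t dropped, i;

    memset(resp, 0x41, sizeof(resp));
    memset(host.canary, 0x5a, sizeof(host.canary));
    dropped = store_serial(&host.s, resp, sizeof(resp));
    for (i = 0; i < sizeof(host.canary); i++)
        if (host.canary[i] != 0x5a)
            return (size_t)-1;
    return dropped;
}

int main(void)
{
    printf("dropped=%zu\n", demo_rogue_response());
    return 0;
}
```

Without the clamp, the same `memcpy` would write `resplen` bytes regardless of the destination size, which is the overflow the changelog refers to.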
Changed in opensc (Ubuntu Hardy): | |
status: | Fix Committed → Fix Released |
Changed in opensc (Ubuntu Karmic): | |
status: | Fix Committed → Fix Released |
Changed in opensc (Ubuntu Lucid): | |
status: | Fix Committed → Fix Released |
Changed in opensc (Ubuntu Maverick): | |
status: | Fix Committed → Fix Released |
Jonathan Wiltshire (jwiltshire) wrote : | #34 |
For the record, this is CVE-2010-4523 and it's being tracked in Debian bug #607427 (#607732 was a duplicate)
Thanks Jonathan! I caught the update today but missed the original bug.
Sorry about that.
Changed in opensc (Debian): | |
status: | Unknown → Fix Released |
The problem seems to be also in the git repo from upstream Debian, git://git.debian.org/git/pkg-opensc/opensc.git . The attached patches are taken from opensc upstream (https://www.opensc-project.org/opensc/changeset/4912 and https://www.opensc-project.org/opensc/changeset/4913).