ccid: arbitrary code execution

LWN published a message about "ccid: arbitrary code execution":

Package(s): ccid
CVE #(s): CVE-2010-4530
Created: January 14, 2011
Updated: February 3, 2011
Description: From the Red Hat bugzilla:
An integer overflow, leading to array index error was found
in the way USB CCID (Chip/Smart Card Interface Devices) driver
processed certain values of card serial number. A local attacker
could use this flaw to execute arbitrary code, with the privileges
of the user running the pcscd daemon, via a malicious smart card
with specially-crafted value of its serial number, inserted to
the system USB port.
Alerts:
Fedora FEDORA-2011-0162 2011-01-05
Fedora FEDORA-2011-0143 2011-01-05
Mandriva MDVSA-2011:014 2011-01-20
openSUSE openSUSE-SU-2011:0092-1 2011-02-02
Pardus 2011-22 2011-02-02

The description of the problem is not exact. The problem is present in file ccid/src/ccid_serial.c and only impacts the GemPC Twin connected to a serial port.

The bug was fixed on 5th November 2010 in revisions 5381 and 5382, more than a month before MWR published an InfoSecurity Security Advisory, "PCSC-Lite: libccid Buffer Overflow", on 13th December 2010.

Debian 6.0 was released just yesterday. The libccid package in this version contains the fix. Debian did not release a Debian Security Advisory because the bug is minor.