CVE-2009-4902
18.06.2010, 16:30
Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407.Enginsight
| Vendor | Product | Version |
|---|---|---|
| muscle | pcsc-lite | 𝑥 ≤ 1.5.4 |
| muscle | pcsc-lite | 1.1.2:beta2 |
| muscle | pcsc-lite | 1.1.2:beta3 |
| muscle | pcsc-lite | 1.1.2:beta4 |
| muscle | pcsc-lite | 1.1.2:beta5 |
| muscle | pcsc-lite | 1.2.0 |
| muscle | pcsc-lite | 1.2.0:rc1 |
| muscle | pcsc-lite | 1.2.0:rc2 |
| muscle | pcsc-lite | 1.2.0:rc3 |
| muscle | pcsc-lite | 1.2.9:beta1 |
| muscle | pcsc-lite | 1.2.9:beta10 |
| muscle | pcsc-lite | 1.2.9:beta2 |
| muscle | pcsc-lite | 1.2.9:beta3 |
| muscle | pcsc-lite | 1.2.9:beta4 |
| muscle | pcsc-lite | 1.2.9:beta5 |
| muscle | pcsc-lite | 1.2.9:beta6 |
| muscle | pcsc-lite | 1.2.9:beta7 |
| muscle | pcsc-lite | 1.2.9:beta8 |
| muscle | pcsc-lite | 1.2.9:beta9 |
| muscle | pcsc-lite | 1.3.0 |
| muscle | pcsc-lite | 1.3.1 |
| muscle | pcsc-lite | 1.3.2 |
| muscle | pcsc-lite | 1.3.3 |
| muscle | pcsc-lite | 1.4.0 |
| muscle | pcsc-lite | 1.4.1 |
| muscle | pcsc-lite | 1.4.2 |
| muscle | pcsc-lite | 1.4.3 |
| muscle | pcsc-lite | 1.4.4 |
| muscle | pcsc-lite | 1.4.99 |
| muscle | pcsc-lite | 1.4.100 |
| muscle | pcsc-lite | 1.4.101 |
| muscle | pcsc-lite | 1.4.102 |
| muscle | pcsc-lite | 1.5.0 |
| muscle | pcsc-lite | 1.5.1 |
| muscle | pcsc-lite | 1.5.2 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References