Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2011:011 (opensc)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68739

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2011:011 (opensc)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to opensc
announced via advisory MDVSA-2011:011.

A vulnerability has been found and corrected in opensc:

Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13
and earlier allow physically proximate attackers to execute arbitrary
code via a long serial-number field on a smart card, related to
(1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c
(CVE-2010-4523).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:011

Risk factor : High

CVSS Score:
7.2

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4523
BugTraq ID: 45435
http://www.securityfocus.com/bid/45435
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052796.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052777.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:011
http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf
http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html
http://openwall.com/lists/oss-security/2010/12/21/2
http://openwall.com/lists/oss-security/2010/12/22/3
http://secunia.com/advisories/42658
http://secunia.com/advisories/42807
http://secunia.com/advisories/43068
SuSE Security Announcement: SUSE-SR:2011:002 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.vupen.com/english/advisories/2011/0009
http://www.vupen.com/english/advisories/2011/0109
http://www.vupen.com/english/advisories/2011/0212

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68739
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:011 (opensc)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to opensc announced via advisory MDVSA-2011:011. A vulnerability has been found and corrected in opensc: Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c (CVE-2010-4523). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:011 Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4523 BugTraq ID: 45435 http://www.securityfocus.com/bid/45435 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052796.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052777.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:011 http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html http://openwall.com/lists/oss-security/2010/12/21/2 http://openwall.com/lists/oss-security/2010/12/22/3 http://secunia.com/advisories/42658 http://secunia.com/advisories/42807 http://secunia.com/advisories/43068 SuSE Security Announcement: SUSE-SR:2011:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://www.vupen.com/english/advisories/2011/0009 http://www.vupen.com/english/advisories/2011/0109 http://www.vupen.com/english/advisories/2011/0212
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com