Summary
This host has OpenSC installed and is prone to multiple buffer overflow vulnerabilities.
Impact
Successful exploitation could allow remote attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial of service conditions.
Impact Level: Application
Solution
Upgrade to OpenSC 0.12.0 or later.
For updates refer to http://www.opensc-project.org/opensc
Insight
The flaws are due to boundary errors in the 'acos_get_serialnr()', 'acos5_get_serialnr()', and 'starcos_get_serialnr()' functions when reading out the serial number of smart cards.
Affected
OpenSC version 0.11.13 and prior.
References
Severity
Classification
CVE: CVE-2010-4523
CVSS Base Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C