ID CVE-2010-4530
Summary Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:muscle:pcsc-lite:1.5.3
    cpe:2.3:a:muscle:pcsc-lite:1.5.3
CVSS
Base: 4.4 (as of 18-01-2011 - 14:21)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1323.NASL
    description An updated ccid package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Chip/Smart Card Interface Devices (CCID) is a USB smart card reader standard followed by most modern smart card readers. The ccid package provides a Generic, USB-based CCID driver for readers, which follow this standard. An integer overflow, leading to an array index error, was found in the way the CCID driver processed a smart card's serial number. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the PC/SC Lite pcscd daemon (root, by default), by inserting a specially crafted smart card. (CVE-2010-4530) This update also fixes the following bug : * The pcscd service failed to read from the SafeNet Smart Card 650 v1 when it was inserted into a smart card reader. The operation failed with a 'IFDHPowerICC() PowerUp failed' error message. This was due to the card taking a long time to respond with a full Answer To Reset (ATR) request, which lead to a timeout, causing the card to fail to power up. This update increases the timeout value so that the aforementioned request is processed properly, and the card is powered on as expected. (BZ#907821) All ccid users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 70247
    published 2013-10-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70247
    title RHEL 5 : ccid (RHSA-2013:1323)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_PCSC-CCID-110121.NASL
    description An integer overflow in pcsc-ccid and a buffer overflow in pcsc-lite while handling smart card responses have been fixed. CVE-2010-4530 / CVE-2010-4531 have been assigned to these issues. Additionally a new device ID for card readers was added.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 51844
    published 2011-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51844
    title SuSE 11.1 Security Update : pcsc-lite (SAT Patch Number 3889)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130221_CCID_ON_SL6_X.NASL
    description An integer overflow, leading to an array index error, was found in the way the CCID driver processed a smart card's serial number. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the PC/SC Lite pcscd daemon (root, by default), by inserting a specially crafted smart card. (CVE-2010-4530) This update also fixes the following bug : - Previously, CCID only recognized smart cards with 5V power supply. With this update, CCID also supports smart cards with different power supply.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 65008
    published 2013-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65008
    title Scientific Linux Security Update : ccid on SL6.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0523.NASL
    description An updated ccid package that fixes one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Chip/Smart Card Interface Devices (CCID) is a USB smart card reader standard followed by most modern smart card readers. The ccid package provides a Generic, USB-based CCID driver for readers, which follow this standard. An integer overflow, leading to an array index error, was found in the way the CCID driver processed a smart card's serial number. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the PC/SC Lite pcscd daemon (root, by default), by inserting a specially crafted smart card. (CVE-2010-4530) This update also fixes the following bug : * Previously, CCID only recognized smart cards with 5V power supply. With this update, CCID also supports smart cards with different power supply. (BZ#808115) All users of ccid are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 64770
    published 2013-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64770
    title RHEL 6 : ccid (RHSA-2013:0523)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0523.NASL
    description An updated ccid package that fixes one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Chip/Smart Card Interface Devices (CCID) is a USB smart card reader standard followed by most modern smart card readers. The ccid package provides a Generic, USB-based CCID driver for readers, which follow this standard. An integer overflow, leading to an array index error, was found in the way the CCID driver processed a smart card's serial number. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the PC/SC Lite pcscd daemon (root, by default), by inserting a specially crafted smart card. (CVE-2010-4530) This update also fixes the following bug : * Previously, CCID only recognized smart cards with 5V power supply. With this update, CCID also supports smart cards with different power supply. (BZ#808115) All users of ccid are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 65154
    published 2013-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65154
    title CentOS 6 : ccid (CESA-2013:0523)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201401-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-201401-16 (CCID: Arbitrary code execution) CCID contains an integer overflow vulnerability in ccid_serial.c. Impact : A physically proximate attacker could execute arbitrary code via a smart card with a specially crafted serial number. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 72071
    published 2014-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72071
    title GLSA-201401-16 : CCID: Arbitrary code execution
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_LIBPCSCLITE1-110105.NASL
    description An integer overflow in pcsc-ccid and a buffer overflow in pcsc-lite while handling smart card responses have been fixed. CVE-2010-4530 and CVE-2010-4531 have been assigned to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53754
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53754
    title openSUSE Security Update : libpcsclite1 (openSUSE-SU-2011:0092-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1323.NASL
    description From Red Hat Security Advisory 2013:1323 : An updated ccid package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Chip/Smart Card Interface Devices (CCID) is a USB smart card reader standard followed by most modern smart card readers. The ccid package provides a Generic, USB-based CCID driver for readers, which follow this standard. An integer overflow, leading to an array index error, was found in the way the CCID driver processed a smart card's serial number. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the PC/SC Lite pcscd daemon (root, by default), by inserting a specially crafted smart card. (CVE-2010-4530) This update also fixes the following bug : * The pcscd service failed to read from the SafeNet Smart Card 650 v1 when it was inserted into a smart card reader. The operation failed with a 'IFDHPowerICC() PowerUp failed' error message. This was due to the card taking a long time to respond with a full Answer To Reset (ATR) request, which lead to a timeout, causing the card to fail to power up. This update increases the timeout value so that the aforementioned request is processed properly, and the card is powered on as expected. (BZ#907821) All ccid users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 70285
    published 2013-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70285
    title Oracle Linux 5 : ccid (ELSA-2013-1323)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130930_CCID_ON_SL5_X.NASL
    description An integer overflow, leading to an array index error, was found in the way the CCID driver processed a smart card's serial number. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the PC/SC Lite pcscd daemon (root, by default), by inserting a specially crafted smart card. (CVE-2010-4530) This update also fixes the following bug : - The pcscd service failed to read from the SafeNet Smart Card 650 v1 when it was inserted into a smart card reader. The operation failed with a 'IFDHPowerICC() PowerUp failed' error message. This was due to the card taking a long time to respond with a full Answer To Reset (ATR) request, which lead to a timeout, causing the card to fail to power up. This update increases the timeout value so that the aforementioned request is processed properly, and the card is powered on as expected.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 70388
    published 2013-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70388
    title Scientific Linux Security Update : ccid on SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_LIBPCSCLITE1-110105.NASL
    description An integer overflow in pcsc-ccid and a buffer overflow in pcsc-lite while handling smart card responses have been fixed. CVE-2010-4530 and CVE-2010-4531 have been assigned to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75602
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75602
    title openSUSE Security Update : libpcsclite1 (openSUSE-SU-2011:0092-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-0143.NASL
    description This update fixes the following security issue : An integer overflow, leading to array index error was found in the way USB CCID (Chip/Smart Card Interface Devices) driver processed certain values of card serial number. A local attacker could use this flaw to execute arbitrary code, with the privileges of the user running the pcscd daemon, via a malicious smart card with specially crafted value of its serial number, inserted to the system USB port. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 51516
    published 2011-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51516
    title Fedora 13 : ccid-1.3.11-2.fc13 (2011-0143)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0523.NASL
    description From Red Hat Security Advisory 2013:0523 : An updated ccid package that fixes one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Chip/Smart Card Interface Devices (CCID) is a USB smart card reader standard followed by most modern smart card readers. The ccid package provides a Generic, USB-based CCID driver for readers, which follow this standard. An integer overflow, leading to an array index error, was found in the way the CCID driver processed a smart card's serial number. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the PC/SC Lite pcscd daemon (root, by default), by inserting a specially crafted smart card. (CVE-2010-4530) This update also fixes the following bug : * Previously, CCID only recognized smart cards with 5V power supply. With this update, CCID also supports smart cards with different power supply. (BZ#808115) All users of ccid are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 68759
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68759
    title Oracle Linux 6 : ccid (ELSA-2013-0523)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1323.NASL
    description An updated ccid package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Chip/Smart Card Interface Devices (CCID) is a USB smart card reader standard followed by most modern smart card readers. The ccid package provides a Generic, USB-based CCID driver for readers, which follow this standard. An integer overflow, leading to an array index error, was found in the way the CCID driver processed a smart card's serial number. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the PC/SC Lite pcscd daemon (root, by default), by inserting a specially crafted smart card. (CVE-2010-4530) This update also fixes the following bug : * The pcscd service failed to read from the SafeNet Smart Card 650 v1 when it was inserted into a smart card reader. The operation failed with a 'IFDHPowerICC() PowerUp failed' error message. This was due to the card taking a long time to respond with a full Answer To Reset (ATR) request, which lead to a timeout, causing the card to fail to power up. This update increases the timeout value so that the aforementioned request is processed properly, and the card is powered on as expected. (BZ#907821) All ccid users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79152
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79152
    title CentOS 5 : ccid (CESA-2013:1323)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-0162.NASL
    description This update fixes the following security issue : An integer overflow, leading to array index error was found in the way USB CCID (Chip/Smart Card Interface Devices) driver processed certain values of card serial number. A local attacker could use this flaw to execute arbitrary code, with the privileges of the user running the pcscd daemon, via a malicious smart card with specially crafted value of its serial number, inserted to the system USB port. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 51517
    published 2011-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51517
    title Fedora 14 : ccid-1.4.0-2.fc14 (2011-0162)
redhat via4
advisories
  • bugzilla
    id 664986
    title CVE-2010-4530 CCID: Integer overflow, leading to array index error when processing crafted serial number of certain cards
    oval
    AND
    • comment ccid is earlier than 0:1.3.9-6.el6
      oval oval:com.redhat.rhsa:tst:20130523005
    • comment ccid is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20130523006
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    rhsa
    id RHSA-2013:0523
    released 2013-02-21
    severity Low
    title RHSA-2013:0523: ccid security and bug fix update (Low)
  • bugzilla
    id 664986
    title CVE-2010-4530 CCID: Integer overflow, leading to array index error when processing crafted serial number of certain cards
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • comment ccid is earlier than 0:1.3.8-2.el5
      oval oval:com.redhat.rhsa:tst:20131323002
    • comment ccid is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20131323003
    rhsa
    id RHSA-2013:1323
    released 2013-09-30
    severity Low
    title RHSA-2013:1323: ccid security and bug fix update (Low)
rpms
  • ccid-0:1.3.9-6.el6
  • ccid-0:1.3.8-2.el5
refmap via4
bid 45806
confirm
fedora
  • FEDORA-2011-0143
  • FEDORA-2011-0162
mandriva MDVSA-2011:014
misc http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf
mlist
  • [oss-security] 20101222 CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]
  • [oss-security] 20110103 Re: CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]
vupen
  • ADV-2011-0100
  • ADV-2011-0179
xf pcsclite-ccid-code-execution(64961)
Last major update 07-12-2016 - 22:01
Published 18-01-2011 - 13:03
Last modified 16-08-2017 - 21:33
Back to Top