T-527: OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities

January 4, 2011 - 5:52pm

PROBLEM:

OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities

PLATFORM:

Vulnerable Platform: OpenSC 0.11.13

ABSTRACT:

OpenSC is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

REFERENCE LINKS:

SecurityFocus - OpenSC Smart Card Serial
CVE-2010-4523 OpenSC: Three stack-based buffer overflows
CVE-2010-4523 - Three stack-based buffer overflows

IMPACT ASSESSMENT:

Moderate
 

Discussion:

OpenSC is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. OpenSC 0.11.13 is vulnerable; other versions may also be affected.
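The class of bug described above, a serial number field copied into a fixed-size stack buffer without a boundary check, is avoided by validating every declared length before copying. The C code below is an added example, not OpenSC's code or its fix; the record layout, `TAG_SERIAL`, `SERIAL_MAX`, `serial_t` and `read_serial` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SERIAL_MAX 16   /* hypothetical capacity of the fixed-size buffer */
#define TAG_SERIAL 0x5A /* hypothetical tag in a constructed [tag][len][value] layout */

typedef struct { uint8_t value[SERIAL_MAX]; size_t len; } serial_t;

enum { SERIAL_OK = 0, SERIAL_ERR_MALFORMED = -1,
       SERIAL_ERR_TOO_LONG = -2, SERIAL_ERR_NOT_FOUND = -3 };

/* Walk [tag][len][value] records in an untrusted response and copy the serial
 * number only after its declared length passes both boundary checks. */
int read_serial(const uint8_t *resp, size_t resp_len, serial_t *out)
{
    size_t pos = 0;

    if (resp == NULL || out == NULL)
        return SERIAL_ERR_MALFORMED;
    memset(out, 0, sizeof(*out));

    while (pos < resp_len) {
        if (resp_len - pos < 2)              /* no room for a tag and a length byte */
            return SERIAL_ERR_MALFORMED;
        uint8_t tag = resp[pos];
        size_t len = resp[pos + 1];
        pos += 2;
        if (len > resp_len - pos)            /* declared length runs past the input */
            return SERIAL_ERR_MALFORMED;
        if (tag == TAG_SERIAL) {
            if (len > sizeof(out->value))    /* would overflow the fixed buffer */
                return SERIAL_ERR_TOO_LONG;
            memcpy(out->value, resp + pos, len);
            out->len = len;
            return SERIAL_OK;
        }
        pos += len;                          /* skip records that are not the serial */
    }
    return SERIAL_ERR_NOT_FOUND;
}

int main(void)
{
    const uint8_t resp[] = {0x5A, 0x04, 0xDE, 0xAD, 0xBE, 0xEF}; /* constructed sample */
    serial_t s;
    return read_serial(resp, sizeof resp, &s) == SERIAL_OK ? 0 : 1;
}
```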

Solution:

The vendor has fixed the issue in the SVN repository. Please see the references for more information: http://www.opensc-project.org/opensc/wiki/SecurityAdvisories
