CVE-2010-0407 – pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages

https://notcve.org/view.php?id=CVE-2010-0407

Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled. Múltiple desbordamiento de búfer en la función MSGFunctionDemarshall en winscard_svc.c en el demonio PC/SC Smart Card (también conocido como PCSCD) en MUSCLE PCSC-Lite anteriores a v1.5.4, permite a usuarios locales obtener privilegios a través de los datos de un mensaje manipulados, que es deserializado de forma inadecuada. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://secunia.com/advisories/40140 http://secunia.com/advisories&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •