FreeBSD : Use-After-Free Vulnerability in pcsc-lite (c218873d-d444-11e6-84ef-f0def167eeea)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Peter Wu on Openwall mailing-list reports :

The issue allows a local attacker to cause a Denial of Service, but
can potentially result in Privilege Escalation since the daemon is
running as root, while any local user can connect to the Unix socket.
Fixed by patch which is released with pcsc-lite 1.8.20.

See also :

http://www.openwall.com/lists/oss-security/2017/01/03/2
http://www.nessus.org/u?745b6573

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 96371

Bugtraq ID:

CVE ID: CVE-2016-10109
