GLSA-201401-17 : PCSC-Lite: Arbitrary code execution
Medium Nessus Plugin ID 72072
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201401-17 (PCSC-Lite: Arbitrary code execution)
PCSC-Lite contains a stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset Handler (atrhandler.c).
A physically proximate attacker could execute arbitrary code or cause a Denial of Service condition.
There is no known workaround at this time.
Solution
All PCSC-Lite users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=sys-apps/pcsc-lite-1.6.6'
NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since January 10, 2011. It is likely that your system is already no longer affected by this issue.