The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.0007.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Muscle
  • Pcsc-lite
Redhat
  • Certificate System
  • Enterprise Linux

Configuration 1 [-]

OR cpe:2.3:a:muscle:pcsc-lite:*:*:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.1.2:beta2:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.1.2:beta3:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.1.2:beta4:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.1.2:beta5:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta1:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta10:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta2:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta3:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta4:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta5:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta6:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta7:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta8:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta9:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.4.99:*:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.4.100:*:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.4.101:*:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.4.102:*:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:muscle:pcsc-lite:1.5.2:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Certificate System 7.3
ant-0:1.6.5-1jpp_1rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
avalon-logkit-0:1.2-2jpp_4rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
axis-0:1.2.1-1jpp_3rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
classpathx-jaf-0:1.0-2jpp_6rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
classpathx-mail-0:1.1.1-2jpp_8rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
geronimo-specs-0:1.0-0.M4.1jpp_10rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
jakarta-commons-modeler-0:2.0-3jpp_2rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
log4j-0:1.2.12-1jpp_1rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
mx4j-1:3.0.1-1jpp_4rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
pcsc-lite-0:1.3.3-3.el4 cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
rhpki-ca-0:7.3.0-20.el4 cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
rhpki-java-tools-0:7.3.0-10.el4 cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
rhpki-kra-0:7.3.0-14.el4 cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
rhpki-manage-0:7.3.0-19.el4 cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
rhpki-native-tools-0:7.3.0-6.el4 cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
rhpki-ocsp-0:7.3.0-13.el4 cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
rhpki-tks-0:7.3.0-13.el4 cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
tomcat5-0:5.5.23-0jpp_4rh.16 cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
xerces-j2-0:2.7.1-1jpp_1rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
xml-commons-0:1.3.02-2jpp_1rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
Red Hat Enterprise Linux 5
pcsc-lite-0:1.4.4-4.el5_5 cpe:/o:redhat:enterprise_linux:5 RHSA-2010:0533 2010-07-14T00:00:00Z

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2009-4864 The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.
Ubuntu USN Ubuntu USN USN-969-1 PCSC-Lite vulnerability
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html cve-icon cve-icon
http://secunia.com/advisories/40140 cve-icon cve-icon
http://secunia.com/advisories/40239 cve-icon cve-icon
http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4208 cve-icon cve-icon
http://www.debian.org/security/2010/dsa-2059 cve-icon cve-icon
http://www.securityfocus.com/bid/40758 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/1427 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/1508 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=596426 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2009-4901 cve-icon
https://www.cve.org/CVERecord?id=CVE-2009-4901 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-07T07:17:25.900Z

Reserved: 2010-06-18T00:00:00

Link: CVE-2009-4901

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2010-06-18T16:30:01.233

Modified: 2025-04-11T00:51:21.963

Link: CVE-2009-4901

cve-icon Redhat

Severity : Moderate

Publid Date: 2010-06-10T00:00:00Z

Links: CVE-2009-4901 - Bugzilla

cve-icon OpenCVE Enrichment

No data.