severity 607780 important
tags 607780 upstream
thank

Le 22/12/2010 00:08, Michael Gilbert a écrit :
package: ccid
version: 1.3.8-1
severity: serious
tags: security

an advisory has been issued for the pcsc-lite ccid driver:
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf

Thanks.

i have checked that the vulnerable code is present in both lenny and

To trigger the bug the attacker needs to connect a serial reader to the host. And then needs to have a physical access to the computer.

To enable the serial reader the attacker needs to edit the file /etc/reader.conf and configure the use of the connected serial reader. So the attacker must have root access to trigger the buffer overflow.

I downgrade the severity to important. I don't think I will fix the bug for squeeze.

Bye

--
 Ludovic



--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to