Subject: [ASA-201701-12] pcsclite: privilege escalation Arch Linux Security Advisory ASA-201701-12 ========================================== Severity: Medium Date : 2017-01-04 CVE-ID : CVE-2016-10109 Package : pcsclite Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-126 Summary ======= The package pcsclite before version 1.8.20-1 is vulnerable to privilege escalation. Resolution ========== Upgrade to 1.8.20-1. # pacman -Syu "pcsclite>=1.8.20-1" The problem has been fixed upstream in version 1.8.20. Workaround ========== None. Description =========== The SCardReleaseContext function normally releases resources associated with the given handle (including "cardsList") and clients should cease using this handle. A malicious client can however make the daemon invoke SCardReleaseContext and continue issuing other commands that use "cardsList", resulting in a use-after-free. When SCardReleaseContext is invoked multiple times, it additionally results in a double-free of "cardsList". The issue allows a local attacker to cause a denial of service, but can potentially result in privilege escalation since the daemon is running as root while any local user can connect to the Unix socket. Fixed by patch "SCardReleaseContext: prevent use-after-free of cardsList" which is released with hpcsc-lite 1.8.20 on 30 December 2016. Impact ====== A local attacker is able to cause a denial of service or escalate privileges by sending specially crafted commands to pcscd. References ========== https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=697fe05967af7ea215bcd5d5774be587780c9e22 http://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20161226/000779.html http://marc.info/?l=oss-security&m=148345047107588 https://security.archlinux.org/CVE-2016-10109