MWR InfoSecurity identified a vulnerability in OpenSC. The vulnerability can be triggered using a malicious smart card.
A buffer overflow vulnerability was identified in the code handling the smart card’s serial number in the following drivers:
- card-atrust-acos.c
- card-acos5.c
- card-starcos.c
An attacker could use this vulnerability to execute arbitrary code on the target system. To exploit it, the attacker must insert a specially crafted smart card into the target system.
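The class of bug described above, as an added illustration that is not OpenSC's code or the vendor's fix: a driver copies a card-supplied serial number into a fixed-size buffer, and the checked version rejects any response longer than that buffer. `SERIAL_MAX`, `struct serial_number`, `store_serial` and the demo helpers are hypothetical names, and the 32-byte capacity is an assumption.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names and sizes for illustration; not OpenSC's definitions. */
#define SERIAL_MAX 32 /* assumed capacity of the driver's serial buffer */

struct serial_number {
    unsigned char value[SERIAL_MAX];
    size_t len;
};

/*
 * Unchecked pattern (the bug class): the length is whatever the card returned.
 *     memcpy(out->value, resp, resp_len);   writes past value[] when
 *                                           resp_len > SERIAL_MAX
 *
 * Checked copy: the card-supplied length is validated against the
 * destination before any byte is written. Returns 0 on success, -1 if the
 * response is rejected; *out is left untouched on rejection.
 */
int store_serial(struct serial_number *out,
                 const unsigned char *resp, size_t resp_len)
{
    if (out == NULL || resp == NULL)
        return -1;
    if (resp_len > sizeof(out->value))
        return -1;
    memcpy(out->value, resp, resp_len);
    out->len = resp_len;
    return 0;
}

/* Constructed input: a 64-byte "serial" from a misbehaving card. */
int demo_oversized(void)
{
    unsigned char resp[64];
    struct serial_number sn = { {0}, 0 };
    memset(resp, 0x41, sizeof(resp));
    int rc = store_serial(&sn, resp, sizeof(resp));
    /* Rejected, and nothing was copied. */
    return (rc == -1 && sn.len == 0 && sn.value[0] == 0) ? -1 : 1;
}

/* Constructed input: an 8-byte serial that fits. */
int demo_valid(void)
{
    const unsigned char resp[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
    struct serial_number sn = { {0}, 0 };
    int rc = store_serial(&sn, resp, sizeof(resp));
    return (rc == 0 && sn.len == 8 && memcmp(sn.value, resp, 8) == 0) ? 0 : 1;
}
```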
The vendor has implemented a fix. Users should upgrade to the latest version of OpenSC.
More information is available here.