When a smart card can root your computer
A buffer overflow flaw in the open source smart card library OpenSC can be exploited to inject and execute malicious code on a system. According to UK security company MWR InfoSecurity, the bug in the library is triggered when reading serial numbers from smart cards. The card-atrust-acos.c, card-acos5.c and card-starcos.c drivers in OpenSC version 0.11.1 are all affected.
Starcos and Acos5 cards are used to store private cryptographic keys and are deployed in the Public Key Infrastructure (PKI) field. The bug is unlikely to be exploitable using standard chip cards, although card simulators are able to send a crafted serial number to a terminal. MWR reports that it has developed a proof-of-concept exploit.
MWR does not discuss specific targets for such an attack, but attacks on systems which require chip card authentication are certainly conceivable. Under Windows, code injected via the OpenSC vulnerability would be able to run with system privileges. The OpenSC development team has released patches to fix the vulnerabilities in all three drivers.
(crve)
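
The class of flaw described above, shown as an added example that is not OpenSC's code: a fixed-size serial-number buffer filled from a card response whose length is set by the card, beside a version that validates that length first. The struct, the function names, the 32-byte capacity and the sample responses are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SERIAL_MAX 32                 /* assumed capacity for this example */

struct serial_number {                /* hypothetical type, not OpenSC's */
    unsigned char value[SERIAL_MAX];
    size_t len;
};

/* Unsafe pattern: the length reported by the card is trusted. A response
 * longer than SERIAL_MAX bytes is written past the end of value[]. */
int read_serial_unchecked(struct serial_number *out,
                          const unsigned char *resp, size_t resp_len)
{
    memcpy(out->value, resp, resp_len);   /* no bound on resp_len */
    out->len = resp_len;
    return 0;
}

/* Hardened pattern: the card response is untrusted input, so its length is
 * checked against the destination before any byte is copied. */
int read_serial_checked(struct serial_number *out,
                        const unsigned char *resp, size_t resp_len)
{
    if (out == NULL || resp == NULL)
        return -1;
    if (resp_len == 0 || resp_len > sizeof(out->value))
        return -1;                        /* reject rather than truncate */
    memcpy(out->value, resp, resp_len);
    out->len = resp_len;
    return 0;
}

/* Constructed sample responses: a plausible 8-byte serial and a 64-byte one. */
static const unsigned char sample_ok[8] = {1, 2, 3, 4, 5, 6, 7, 8};
static const unsigned char sample_oversized[64] = {0};

int main(void)
{
    struct serial_number s = {{0}, 0};
    printf("8-byte response:  %d\n",
           read_serial_checked(&s, sample_ok, sizeof sample_ok));
    printf("64-byte response: %d\n",
           read_serial_checked(&s, sample_oversized, sizeof sample_oversized));
    return 0;
}
```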