Download
| Alert*
oval:org.secpod.oval:def:114979
yubico-piv-tool is installed oval:org.secpod.oval:def:603743 yubico-piv-tool is installed oval:org.secpod.oval:def:114978 The Yubico PIV tool is used for interacting with the Privilege and Identification Card applet on a YubiKey NEO. With it you may generate keys on the device, importing keys and certificates, and create certificate requests, and other operations. A shared library and a command-line tool is included. oval:org.secpod.oval:def:114980 The Yubico PIV tool is used for interacting with the Privilege and Identification Card applet on a YubiKey NEO. With it you may generate keys on the device, importing keys and certificates, and create certificate requests, and other operations. A shared library and a command-line tool is included. oval:org.secpod.oval:def:705377 yubico-piv-tool: Command line tool for the YubiKey PIV applet Yubico PIV Tool could be made to crash or run programs as an administrator if it received specially crafted input. oval:org.secpod.oval:def:2000404 A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data`: {% highlight c %} if { fprintf; } if { memcpy; out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is cl ... oval:org.secpod.oval:def:89050901 This update for yubico-piv-tool fixes the following issues: Security issues fixed: - Fixed an buffer overflow and an out of bounds memory read in ykpiv_transfer_data, which could be triggered by a malicious token. - Fixed an buffer overflow and an out of bounds memory read in _ykpiv_fetch_object, w ... oval:org.secpod.oval:def:2000400 An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object`: {% highlight c %} if { size_t outlen; int offs = _ykpiv_get_length; if { return YKPIV_SIZE_ERROR; } memmove; *len = outlen; ret ... |