Ubuntu Security Notice 1354-1 - It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the 'usbmux' user.
ac6ebe3e80c94ef71b87596fed3b9abc035eac39b47350d22b2067cd1b78886d============================================================================
Ubuntu Security Notice USN-1354-1
February 01, 2012
usbmuxd vulnerability
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
Summary:
usbmuxd could be made to crash or run programs if it received specially
crafted input.
Software Description:
- usbmuxd: USB multiplexor daemon for iPhone and iPod Touch devices
Details:
It was discovered that usbmuxd did not correctly perform bounds checking
when processing the SerialNumber field of USB devices. An attacker with
physical access could use this to crash usbmuxd or potentially execute
arbitrary code as the 'usbmux' user.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
libusbmuxd1 1.0.7-1ubuntu0.11.10.1
Ubuntu 11.04:
libusbmuxd1 1.0.7-1ubuntu0.11.04.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1354-1
CVE-2012-0065
Package Information:
https://launchpad.net/ubuntu/+source/usbmuxd/1.0.7-1ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/usbmuxd/1.0.7-1ubuntu0.11.04.1
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed