Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in usbmuxd
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in usbmuxd
ID: USN-1354-1
Distribution: Ubuntu
Plattformen: Ubuntu 11.04, Ubuntu 11.10
Datum: Mi, 1. Februar 2012, 19:34
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0065
Applikationen: usbmuxd

Originalnachricht


--===============1305061151529365043==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-Pj6JH8YXl6khOBV4tKdg"


--=-Pj6JH8YXl6khOBV4tKdg
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1354-1
February 01, 2012

usbmuxd vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04

Summary:

usbmuxd could be made to crash or run programs if it received specially
crafted input.

Software Description:
- usbmuxd: USB multiplexor daemon for iPhone and iPod Touch devices

Details:

It was discovered that usbmuxd did not correctly perform bounds checking
when processing the SerialNumber field of USB devices. An attacker with
physical access could use this to crash usbmuxd or potentially execute
arbitrary code as the 'usbmux' user.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
libusbmuxd1 1.0.7-1ubuntu0.11.10.1

Ubuntu 11.04:
libusbmuxd1 1.0.7-1ubuntu0.11.04.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1354-1
CVE-2012-0065

Package Information:
https://launchpad.net/ubuntu/+source/usbmuxd/1.0.7-1ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/usbmuxd/1.0.7-1ubuntu0.11.04.1



--Ùj6JH8YXl6khOBV4tKdg
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJPKXXfAAoJEFHb3FjMVZVzkpoQAIbGWFpR4C0HZiPNMtig6X6/
HYVC2xZdW0TQ2PYAyfOBr8t8as/n9f6dhW15ZhEaaOa7HpAzTp4/qGywcQSqUbTN
vLOUZByE6G1UTdbxMND7tLgJa3XdDJbZRlsW/HznDt+UwSut+VuufCN/F09osihK
vyAncfaXBaSC/cwDwMbIifzUh3C/i8oOleIizOYbc8cG/lgxSOM8apGvlS/D94hK
diJI444yQ76SBpuuBju41W3E3s1QQprqZ8nFDMcfCYWLeozmuFq+5xsoxjGOT3jv
UrdqV6YXSD5spgf/pFB3pIfHiTKD96nUDRbQLYBuxBfqJALnBxFi8Xl88KQV0I0c
gVCVOJ2/daNDys6TxyOYGREvQ48FMEeMadgZS6cPN58HYOaD+I8RYtC31L/vvLuf
b/Gn3tpZGeQe/srFrV5wC57lTA09J/yrvRxOWsnD49i503+Xt/RN2nHz8FpGK3EM
OS5KAER9vZocS5q6oTt7tEBRmDYFEqgtIVXw83j974QzozAENIZ2d1syNoHYNtha
wQngxuhggT8JpL164f5kIexZBLwDNcgr8QeVT6fyXkJPp639EU6he3UQffKZCNzg
JitLBXydgTRtWFGVKq+u4QrNXbQr7S1t22BJXDGBuGDkSbqbr3kw29hWrjZ8ArwX
kZlQRMCXl47fe587KbHD
=SYpQ
-----END PGP SIGNATURE-----

--=-Pj6JH8YXl6khOBV4tKdg--



--===============1305061151529365043==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1305061151529365043==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung