drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in usbmuxd
Name: |
Ausführen beliebiger Kommandos in usbmuxd |
|
ID: |
USN-1354-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 11.04, Ubuntu 11.10 |
|
Datum: |
Mi, 1. Februar 2012, 19:34 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0065 |
|
Applikationen: |
usbmuxd |
|
Originalnachricht |
--===============1305061151529365043== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-Pj6JH8YXl6khOBV4tKdg"
--=-Pj6JH8YXl6khOBV4tKdg Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1354-1 February 01, 2012
usbmuxd vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10 - Ubuntu 11.04
Summary:
usbmuxd could be made to crash or run programs if it received specially crafted input.
Software Description: - usbmuxd: USB multiplexor daemon for iPhone and iPod Touch devices
Details:
It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the 'usbmux' user.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: libusbmuxd1 1.0.7-1ubuntu0.11.10.1
Ubuntu 11.04: libusbmuxd1 1.0.7-1ubuntu0.11.04.1
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1354-1 CVE-2012-0065
Package Information: https://launchpad.net/ubuntu/+source/usbmuxd/1.0.7-1ubuntu0.11.10.1 https://launchpad.net/ubuntu/+source/usbmuxd/1.0.7-1ubuntu0.11.04.1
--Ùj6JH8YXl6khOBV4tKdg Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJPKXXfAAoJEFHb3FjMVZVzkpoQAIbGWFpR4C0HZiPNMtig6X6/ HYVC2xZdW0TQ2PYAyfOBr8t8as/n9f6dhW15ZhEaaOa7HpAzTp4/qGywcQSqUbTN vLOUZByE6G1UTdbxMND7tLgJa3XdDJbZRlsW/HznDt+UwSut+VuufCN/F09osihK vyAncfaXBaSC/cwDwMbIifzUh3C/i8oOleIizOYbc8cG/lgxSOM8apGvlS/D94hK diJI444yQ76SBpuuBju41W3E3s1QQprqZ8nFDMcfCYWLeozmuFq+5xsoxjGOT3jv UrdqV6YXSD5spgf/pFB3pIfHiTKD96nUDRbQLYBuxBfqJALnBxFi8Xl88KQV0I0c gVCVOJ2/daNDys6TxyOYGREvQ48FMEeMadgZS6cPN58HYOaD+I8RYtC31L/vvLuf b/Gn3tpZGeQe/srFrV5wC57lTA09J/yrvRxOWsnD49i503+Xt/RN2nHz8FpGK3EM OS5KAER9vZocS5q6oTt7tEBRmDYFEqgtIVXw83j974QzozAENIZ2d1syNoHYNtha wQngxuhggT8JpL164f5kIexZBLwDNcgr8QeVT6fyXkJPp639EU6he3UQffKZCNzg JitLBXydgTRtWFGVKq+u4QrNXbQr7S1t22BJXDGBuGDkSbqbr3kw29hWrjZ8ArwX kZlQRMCXl47fe587KbHD =SYpQ -----END PGP SIGNATURE-----
--=-Pj6JH8YXl6khOBV4tKdg--
--===============1305061151529365043== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1305061151529365043==--
|
|
|
|