Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 19 Jan 2012 16:29:01 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: usbmuxd 1.0.7 "receive_packet()" Buffer Overflow Vulnerability

rigan has reported a vulnerability in usbmuxd, which potentially can be
exploited by malicious people with physical access to compromise a
vulnerable system.

The vulnerability is caused due to a boundary error within the
"receive_packet()" function (libusbmuxd/libusbmuxd.c) when processing a
property list containing an overly long "SerialNumber" field, which can
be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow the execution of arbitrary code, but
requires that the attacker is able to connect a malicious USB device.

https://secunia.com/advisories/47545/
https://bugs.gentoo.org/show_bug.cgi?id=399409

source code commit:
http://git.marcansoft.com/?p=usbmuxd.git;a=commitdiff;h=f794991993af56a74795891b4ff9da506bc893e6

-- 

-- Kurt Seifried / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ