Date: Thu, 19 Jan 2012 16:31:41 -0700 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request: usbmuxd 1.0.7 "receive_packet()" Buffer Overflow Vulnerability On 01/19/2012 04:29 PM, Kurt Seifried wrote: > rigan has reported a vulnerability in usbmuxd, which potentially can be > exploited by malicious people with physical access to compromise a > vulnerable system. > > The vulnerability is caused due to a boundary error within the > "receive_packet()" function (libusbmuxd/libusbmuxd.c) when processing a > property list containing an overly long "SerialNumber" field, which can > be exploited to cause a heap-based buffer overflow. > > Successful exploitation may allow the execution of arbitrary code, but > requires that the attacker is able to connect a malicious USB device. > > https://secunia.com/advisories/47545/ > https://bugs.gentoo.org/show_bug.cgi?id=399409 > > source code commit: > http://git.marcansoft.com/?p=usbmuxd.git;a=commitdiff;h=f794991993af56a74795891b4ff9da506bc893e6 > What a well formed CVE request ;) Please use CVE-2012-0065 for this issue. -- -- Kurt Seifried / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ