U programskom paketu usbmuxd otkriven je sigurnosni propust koji lokalnom napadaču omogućuje izvođenje DoS napada i pokretanje proizvoljnog programskog koda.
Zbog nepravilne provjere granica pri obradi polja SerialNumber u funkciji "receive_packet()" (libusbmuxd/libusbmuxd.c) moguća je pojava preljeva međuspremnika.
Posljedica:
Napadač s fizičkim pristupom računalu može izvesti napad uskraćivanjem usluge (DoS) i pokrenuti proizvoljni programski kod.
==========================================================================
Ubuntu Security Notice USN-1354-1
February 01, 2012
usbmuxd vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
Summary:
usbmuxd could be made to crash or run programs if it received specially
crafted input.
Software Description:
- usbmuxd: USB multiplexor daemon for iPhone and iPod Touch devices
Details:
It was discovered that usbmuxd did not correctly perform bounds checking
when processing the SerialNumber field of USB devices. An attacker with
physical access could use this to crash usbmuxd or potentially execute
arbitrary code as the 'usbmux' user.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
libusbmuxd1 1.0.7-1ubuntu0.11.10.1
Ubuntu 11.04:
libusbmuxd1 1.0.7-1ubuntu0.11.04.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1354-1
CVE-2012-0065
Package Information:
https://launchpad.net/ubuntu/+source/usbmuxd/1.0.7-1ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/usbmuxd/1.0.7-1ubuntu0.11.04.1
Posljednje sigurnosne preporuke