Uočen je sigurnosni propust u radu programskog paketa usbmuxd kojeg zlonamjerni napadači mogu iskoristiti za proizvoljno pokretanje programskog koda s ovlastima "usbmux" korisnika i DoS (eng. Denial of Service) napad.
Paket:
usbmuxd 1.x
Operacijski sustavi:
Fedora 15, Fedora 16
Kritičnost:
4.6
Problem:
neodgovarajuća provjera ulaznih podataka
Iskorištavanje:
lokalno
Posljedica:
dobivanje većih privilegija, proizvoljno izvršavanje programskog koda, uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2012-0065
Izvorni ID preporuke:
FEDORA-2012-1192
Izvor:
Fedora
Problem:
Ranjivost je povezana s nepravilnom provjerom podataka prilikom obrade polja "SerialNumber" priključenog USB uređaja.
Posljedica:
Napadač s fizičkim pristupom može iskoristiti propust i pokrenuti proizvoljni programski kod s ovlastima "usbmux" korisnika i izvršiti napad uskraćivanjem usluga (DoS napad).
Rješenje:
Svim se korisnicima savjetuje korištenje odgovarajućih zakrpa.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-1192
2012-02-02 16:54:40
--------------------------------------------------------------------------------
Name : usbmuxd
Product : Fedora 16
Version : 1.0.7
Release : 3.fc16
URL : http://marcansoft.com/uploads/
Summary : Daemon for communicating with Apple's iPod Touch and iPhone
Description :
usbmuxd is a daemon used for communicating with Apple's iPod Touch and iPhone
devices. It allows multiple services on the device to be accessed
simultaneously.
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2012-0065
It was discovered that usbmuxd did not correctly perform bounds checking when
processing the SerialNumber field of USB devices. An attacker with physical
access could use this to crash usbmuxd or potentially execute arbitrary code as
the 'usbmux' user.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 2 2012 Peter Robinson <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.0.7-3
- Add debian patch for CVE-2012-0065. Fixes RHBZ 783523
* Sat Jan 14 2012 Fedora Release Engineering <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> -
1.0.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #783523 - CVE-2012-0065 usbmuxd 1.0.7 receive_packet() Buffer
Overflow Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=783523
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update usbmuxd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-1213
2012-02-02 16:55:34
--------------------------------------------------------------------------------
Name : usbmuxd
Product : Fedora 15
Version : 1.0.7
Release : 3.fc15
URL : http://marcansoft.com/uploads/
Summary : Daemon for communicating with Apple's iPod Touch and iPhone
Description :
usbmuxd is a daemon used for communicating with Apple's iPod Touch and iPhone
devices. It allows multiple services on the device to be accessed
simultaneously.
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2012-0065
It was discovered that usbmuxd did not correctly perform bounds checking when
processing the SerialNumber field of USB devices. An attacker with physical
access could use this to crash usbmuxd or potentially execute arbitrary code as
the 'usbmux' user.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 2 2012 Peter Robinson <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.0.7-3
- Add debian patch for CVE-2012-0065. Fixes RHBZ 783523
* Sat Jan 14 2012 Fedora Release Engineering <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> -
1.0.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #783523 - CVE-2012-0065 usbmuxd 1.0.7 receive_packet() Buffer
Overflow Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=783523
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update usbmuxd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke