Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0065

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2012-0065
Last Modified 17 Jan 2014 12:00:48
Published 06 Oct 2012 05:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-0065

Summary

Heap-based buffer overflow in the receive_packet function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long SerialNumber field in a property list.

Vulnerable Systems

Application

  • Nikias Bassen Usbmuxd 1.0.5

  • Nikias Bassen Usbmuxd 1.0.6

  • Nikias Bassen Usbmuxd 1.0.7


References

MISC - https://bugs.gentoo.org/show_bug.cgi?id=399409

XF - usbmuxd-libusbmuxd-bo(72546)

BID - 51573

SECUNIA - 47545

MLIST - [oss-security] 20120119 Re: CVE request: usbmuxd 1.0.7 "receive_packet()" Buffer Overflow Vulnerability

MLIST - [oss-security] 20120119 CVE request: usbmuxd 1.0.7 "receive_packet()" Buffer Overflow Vulnerability

CONFIRM - http://git.marcansoft.com/?p=usbmuxd.git;a=commitdiff;h=f794991993af56a74795891b4ff9da506bc893e6

MLIST - [oss-security] 20120119 CVE request: usbmuxd 1.0.7

MLIST - [oss-security] 20120119 Re: CVE request: usbmuxd 1.0.7

MANDRIVA - MDVSA-2012:133

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0228

MANDRIVA - MDVSA-2013:133

Related Patches

Novell SUSE 2012:5871 usbmuxd security update for SLED 11 SP2 i586

Novell SUSE 2012:5871 usbmuxd security update for SLED 11 SP2 x86_64


Last Updated: 27 May 2016 11:00:53