thr3ads.net - Secure testing team - [Secure-testing-team] Bug#656581: usbmuxd: buffer overflow introduced in 1.0.7 (CVE-2012-0065) [Jan 2012]

If this information is useful, please help other people find it:
Share via:

Yves-Alexis Perez

2012-Jan-20 09:51 UTC

[Secure-testing-team] Bug#656581: usbmuxd: buffer overflow introduced in 1.0.7 (CVE-2012-0065)

Package: usbmuxd
Version: 1.0.7-1
Severity: grave
Tags: security patch upstream
Justification: user security hole

Hi,

a buffer overflow was introduced in usbmuxd 1.0.7. More information can
be found on various sources:

http://openwall.com/lists/oss-security/2012/01/19/25
https://secunia.com/advisories/47545/
https://bugs.gentoo.org/show_bug.cgi?id=399409

and a patch is available at
http://git.marcansoft.com/?p=usbmuxd.git;a=commit;
h=f794991993af56a74795891b4ff9da506bc893e6

Regards,
-- 
Yves-Alexis                                           

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, ''unstable''), (500,
''testing''), (500, ''stable''), (500,
''oldstable'')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-grsec-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages usbmuxd depends on:
ii  adduser       3.113
ii  libc6         2.13-24
ii  libplist1     1.8-1
ii  libusb-1.0-0  2:1.0.9~rc3-3
ii  libusbmuxd1   1.0.7-1

usbmuxd recommends no packages.

usbmuxd suggests no packages.

-- no debconf information

Secure testing team - Jan 2012 - Bug#656581: usbmuxd: buffer overflow introduced in 1.0.7 (CVE-2012-0065)

[Secure-testing-team] Bug#656581: usbmuxd: buffer overflow introduced in 1.0.7 (CVE-2012-0065)