Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE request: usbmuxd 1.0.7 "receive_packet()" Buffer Overflow Vulnerability
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 19 Jan 2012 16:31:41 -0700

On 01/19/2012 04:29 PM, Kurt Seifried wrote:
rigan has reported a vulnerability in usbmuxd, which potentially can be
exploited by malicious people with physical access to compromise a
vulnerable system.

The vulnerability is caused due to a boundary error within the
"receive_packet()" function (libusbmuxd/libusbmuxd.c) when processing a
property list containing an overly long "SerialNumber" field, which can
be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow the execution of arbitrary code, but
requires that the attacker is able to connect a malicious USB device.


source code commit:

What a well formed CVE request ;)

Please use CVE-2012-0065 for this issue.


-- Kurt Seifried / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]