Date: Thu, 19 Jan 2012 16:29:01 -0700 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request: usbmuxd 1.0.7 "receive_packet()" Buffer Overflow Vulnerability rigan has reported a vulnerability in usbmuxd, which potentially can be exploited by malicious people with physical access to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "receive_packet()" function (libusbmuxd/libusbmuxd.c) when processing a property list containing an overly long "SerialNumber" field, which can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow the execution of arbitrary code, but requires that the attacker is able to connect a malicious USB device. https://secunia.com/advisories/47545/ https://bugs.gentoo.org/show_bug.cgi?id=399409 source code commit: http://git.marcansoft.com/?p=usbmuxd.git;a=commitdiff;h=f794991993af56a74795891b4ff9da506bc893e6 -- -- Kurt Seifried / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.