Ubuntu 11.04 / 11.10 : usbmuxd vulnerability (USN-1354-1)

Ubuntu Security Notice (C) 2012-2013 Canonical, Inc. / NASL script (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

It was discovered that usbmuxd did not correctly perform bounds
checking when processing the SerialNumber field of USB devices. An
attacker with physical access could use this to crash usbmuxd or
potentially execute arbitrary code as the 'usbmux' user.

Solution :

Update the affected libusbmuxd1 package.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 57790 ()

Bugtraq ID: 51573

CVE ID: CVE-2012-0065