Ubuntu 12.10 / 13.04 : libimobiledevice vulnerability (USN-1927-1)

Ubuntu Security Notice (C) 2013-2014 Canonical, Inc. / NASL script (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Paul Collins discovered that libimobiledevice incorrectly handled
temporary files. A local attacker could possibly use this issue to
overwrite arbitrary files and access device keys. In the default
Ubuntu installation, this issue should be mitigated by the Yama link
restrictions.

Solution :

Update the affected libimobiledevice3 package.

Risk factor :

Low / CVSS Base Score : 3.3
(CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 2.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 69367 ()

Bugtraq ID: 60249

CVE ID: CVE-2013-2142