usbmuxd: User-assisted execution of arbitrary code

1. Gentoo Linux Security Advisory

Advisory Reference	GLSA 201203-11 / usbmuxd
Release Date	March 06, 2012
Latest Revision	March 06, 2012: 1
Impact	normal
Exploitable	local

Package	Vulnerable versions	Unaffected versions	Architecture(s)
app-pda/usbmuxd	< 1.0.7-r1	>= 1.0.7-r1	All supported architectures

Related bugreports: #399409

Synopsis

A buffer overflow vulnerability in usbmuxd could result in the execution of arbitrary code.

2. Impact Information

Background

usbmuxd is a USB multiplex daemon for use with Apple iPhone and iPod Touch devices.

Description

The "receive_packet()" function in libusbmuxd.c contains a boundary error when parsing the "SerialNumber" field of a USB device, which could cause a heap-based buffer overflow.

Impact

An attacker could gain physical access or entice a user to connect to a malicious USB device, possibly resulting in execution of arbitrary code with the privileges of the "usbmux" user.

3. Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All usbmuxd users should upgrade to the latest version:

Code Listing 3.1: Resolution

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-pda/usbmuxd-1.0.7-r1"

4. References

CVE-2012-0065

Page updated March 06, 2012

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.