Executive Summary
Summary | |
---|---|
Title | usbmuxd vulnerability |
Informations | |||
---|---|---|---|
Name | USN-1354-1 | First vendor Publication | 2012-02-01 |
Vendor | Ubuntu | Last vendor Modification | 2012-02-01 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.6 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 Summary: usbmuxd could be made to crash or run programs if it received specially crafted input. Software Description: - usbmuxd: USB multiplexor daemon for iPhone and iPod Touch devices Details: It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the 'usbmux' user. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: Ubuntu 11.04: In general, a standard system update will make all the necessary changes. References: Package Information: |
Original Source
Url : http://www.ubuntu.com/usn/USN-1354-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17581 | |||
Oval ID: | oval:org.mitre.oval:def:17581 | ||
Title: | USN-1354-1 -- usbmuxd vulnerability | ||
Description: | usbmuxd could be made to crash or run programs if it received specially crafted input. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1354-1 CVE-2012-0065 | Version: | 7 |
Platform(s): | Ubuntu 11.10 Ubuntu 11.04 | Product(s): | usbmuxd |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2012-08-17 | Name : Mandriva Update for usbmuxd MDVSA-2012:133 (usbmuxd) File : nvt/gb_mandriva_MDVSA_2012_133.nasl |
2012-04-02 | Name : Fedora Update for usbmuxd FEDORA-2012-1192 File : nvt/gb_fedora_2012_1192_usbmuxd_fc16.nasl |
2012-03-12 | Name : Gentoo Security Advisory GLSA 201203-11 (usbmuxd) File : nvt/glsa_201203_11.nasl |
2012-02-21 | Name : Fedora Update for usbmuxd FEDORA-2012-1213 File : nvt/gb_fedora_2012_1213_usbmuxd_fc15.nasl |
2012-02-03 | Name : Ubuntu Update for usbmuxd USN-1354-1 File : nvt/gb_ubuntu_USN_1354_1.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-140.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_iproxy-120223.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-133.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-133.nasl - Type : ACT_GATHER_INFO |
2012-03-12 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_usbmuxd-120223.nasl - Type : ACT_GATHER_INFO |
2012-03-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201203-11.nasl - Type : ACT_GATHER_INFO |
2012-02-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1192.nasl - Type : ACT_GATHER_INFO |
2012-02-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1213.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1354-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:59:38 |
|