CVE-2012-0065
SUSE Linux Enterprise Desktop 11 SP2,openSUSE 11.4
CVE-2012-0065, security advisory, novell, suse linux, suse, security, cve

CVE-2012-0065

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-0065 at MITRE

Description

Heap-based buffer overflow in the receive_packet function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long SerialNumber field in a property list.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.64
Vector AV:L/AC:L/Au:N/C:P/I:P/A:P
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entry: 742546 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP2
  • usbmuxd >= 1.0.7-5.10.1
Patchnames:
sledsp2-usbmuxd
SUSE Linux Enterprise Desktop 11 SP2
  • usbmuxd >= 1.0.7-5.10.1
sled11-sp2.x86-64
sled11-sp2.x86
SAT Patch Nr: 5871
openSUSE 11.4
  • iproxy >= 1.0.7-3.5.1
  • libusbmuxd-devel >= 1.0.7-3.5.1
  • libusbmuxd1 >= 1.0.7-3.5.1
  • usbmuxd >= 1.0.7-3.5.1
openSUSE 11.4
  • iproxy >= 1.0.7-3.5.1
  • iproxy-debuginfo >= 1.0.7-3.5.1
  • libusbmuxd-devel >= 1.0.7-3.5.1
  • libusbmuxd1 >= 1.0.7-3.5.1
  • libusbmuxd1-debuginfo >= 1.0.7-3.5.1
  • usbmuxd >= 1.0.7-3.5.1
  • usbmuxd-debuginfo >= 1.0.7-3.5.1
  • usbmuxd-debugsource >= 1.0.7-3.5.1
Patchnames:
iproxy