CVE-2012-0065 - Vulnerability Details - OpenCVE

Heap-based buffer overflow in the receive_packet function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long SerialNumber field in a property list.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nikias Bassen	Usbmuxd

Configuration 1 [-]

OR	cpe:2.3:a:nikias_bassen:usbmuxd:1.0.5:::::::*
	cpe:2.3:a:nikias_bassen:usbmuxd:1.0.6:::::::*
	cpe:2.3:a:nikias_bassen:usbmuxd:1.0.7:::::::*

No data.

References

Link	Providers
http://git.marcansoft.com/?p=usbmuxd.git%3Ba=commitdiff%3Bh=f794991993af56a74795891b4ff9da506bc893e6
http://openwall.com/lists/oss-security/2012/01/19/25
http://openwall.com/lists/oss-security/2012/01/19/26
http://secunia.com/advisories/47545
http://www.mandriva.com/security/advisories?name=MDVSA-2012:133
http://www.mandriva.com/security/advisories?name=MDVSA-2013:133
http://www.securityfocus.com/bid/51573
https://bugs.gentoo.org/show_bug.cgi?id=399409
https://exchange.xforce.ibmcloud.com/vulnerabilities/72546
https://nvd.nist.gov/vuln/detail/CVE-2012-0065
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0228
https://www.cve.org/CVERecord?id=CVE-2012-0065

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-10-06T21:00:00

Updated: 2024-08-06T18:16:18.595Z

Reserved: 2011-12-07T00:00:00

Link: CVE-2012-0065

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-10-06T21:55:03.330

Modified: 2024-11-21T01:34:19.370

Link: CVE-2012-0065

Redhat

Severity : Low

Publid Date: 2012-01-12T00:00:00Z

Links: CVE-2012-0065 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-01-12T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the receive_packet function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long SerialNumber field in a property list."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "MDVSA-2013:133", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:133"}, {"name": "[oss-security] 20120119 Re: CVE request: usbmuxd 1.0.7 \"receive_packet()\" Buffer Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2012/01/19/26"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0228"}, {"name": "51573", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/51573"}, {"name": "MDVSA-2012:133", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:133"}, {"name": "47545", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47545"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.marcansoft.com/?p=usbmuxd.git%3Ba=commitdiff%3Bh=f794991993af56a74795891b4ff9da506bc893e6"}, {"name": "usbmuxd-libusbmuxd-bo(72546)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72546"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=399409"}, {"name": "[oss-security] 20120119 CVE request: usbmuxd 1.0.7 \"receive_packet()\" Buffer Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2012/01/19/25"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:16:18.595Z"}, "title": "CVE Program Container", "references": [{"name": "MDVSA-2013:133", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:133"}, {"name": "[oss-security] 20120119 Re: CVE request: usbmuxd 1.0.7 \"receive_packet()\" Buffer Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2012/01/19/26"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0228"}, {"name": "51573", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/51573"}, {"name": "MDVSA-2012:133", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:133"}, {"name": "47545", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47545"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.marcansoft.com/?p=usbmuxd.git%3Ba=commitdiff%3Bh=f794991993af56a74795891b4ff9da506bc893e6"}, {"name": "usbmuxd-libusbmuxd-bo(72546)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72546"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=399409"}, {"name": "[oss-security] 20120119 CVE request: usbmuxd 1.0.7 \"receive_packet()\" Buffer Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2012/01/19/25"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0065", "datePublished": "2012-10-06T21:00:00", "dateReserved": "2011-12-07T00:00:00", "dateUpdated": "2024-08-06T18:16:18.595Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nikias_bassen:usbmuxd:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "F1E262F0-5090-410D-8C31-E4ECF01858A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:nikias_bassen:usbmuxd:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A2BD15DF-1F5F-48B1-8BB8-A17B16877B98", "vulnerable": true}, {"criteria": "cpe:2.3:a:nikias_bassen:usbmuxd:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "6D1EEA34-4A7C-4A1E-8CBB-FD46570548BE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the receive_packet function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long SerialNumber field in a property list."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n receive_packet en libusbmuxd/libusbmuxd.c en usbmuxd v1.0.5 hasta v1.0.7 permite a atacantes f\u00edsicamente pr\u00f3ximos a ejecutar c\u00f3digo arbitrario a trav\u00e9s de un campo SerialNumber largo en una lista de propiedades."}], "id": "CVE-2012-0065", "lastModified": "2024-11-21T01:34:19.370", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-10-06T21:55:03.330", "references": [{"source": "secalert@redhat.com", "url": "http://git.marcansoft.com/?p=usbmuxd.git%3Ba=commitdiff%3Bh=f794991993af56a74795891b4ff9da506bc893e6"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2012/01/19/25"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2012/01/19/26"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47545"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:133"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:133"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/51573"}, {"source": "secalert@redhat.com", "url": "https://bugs.gentoo.org/show_bug.cgi?id=399409"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72546"}, {"source": "secalert@redhat.com", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0228"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.marcansoft.com/?p=usbmuxd.git%3Ba=commitdiff%3Bh=f794991993af56a74795891b4ff9da506bc893e6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2012/01/19/25"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2012/01/19/26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47545"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:133"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:133"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/51573"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.gentoo.org/show_bug.cgi?id=399409"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72546"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0228"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}