Ubuntu: 1354-1: usbmuxd vulnerability
Posted by Benjamin D. Thomas   
Ubuntu usbmuxd could be made to crash or run programs if it received speciallycrafted input.
==========================================================================
Ubuntu Security Notice USN-1354-1
February 01, 2012

usbmuxd vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04

Summary:

usbmuxd could be made to crash or run programs if it received specially
crafted input.

Software Description:
- usbmuxd: USB multiplexor daemon for iPhone and iPod Touch devices

Details:

It was discovered that usbmuxd did not correctly perform bounds checking
when processing the SerialNumber field of USB devices. An attacker with
physical access could use this to crash usbmuxd or potentially execute
arbitrary code as the 'usbmux' user.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
  libusbmuxd1                     1.0.7-1ubuntu0.11.10.1

Ubuntu 11.04:
  libusbmuxd1                     1.0.7-1ubuntu0.11.04.1

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1354-1
  CVE-2012-0065

Package Information:
  https://launchpad.net/ubuntu/+source/usbmuxd/1.0.7-1ubuntu0.11.10.1
  https://launchpad.net/ubuntu/+source/usbmuxd/1.0.7-1ubuntu0.11.04.1