buffer overflow introduced in 1.0.7 (CVE-2012-0065)

Bug #919435 reported by Julien Lavergne on 2012-01-20
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
usbmuxd (Debian)
Fix Released
Unknown
usbmuxd (Ubuntu)
Medium
Unassigned
Natty
Medium
Jamie Strandboge
Oneiric
Medium
Jamie Strandboge
Precise
Medium
Unassigned

Bug Description

From Debian bug tracker : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656581
Version 1.0.7-1 is affected, including precise, oneiric and natty.
Patch available upstream : http://cgit.sukimashita.com/usbmuxd.git/commit/?id=8968476bb5262d8aef20cb199337b174d338beb8
Fixed package available on mentors.debian.net : http://mentors.debian.net/package/usbmuxd

Changed in usbmuxd (Debian):
status: Unknown → Confirmed
Changed in usbmuxd (Debian):
status: Confirmed → Fix Released
visibility: private → public
Changed in usbmuxd (Ubuntu Natty):
status: New → Confirmed
Changed in usbmuxd (Ubuntu Oneiric):
status: New → Confirmed
Changed in usbmuxd (Ubuntu Precise):
status: New → Confirmed
Changed in usbmuxd (Ubuntu Natty):
importance: Undecided → Medium
Changed in usbmuxd (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in usbmuxd (Ubuntu Precise):
importance: Undecided → Medium
Leo Iannacone (l3on) on 2012-01-27
Changed in usbmuxd (Ubuntu Precise):
assignee: nobody → Leo Iannacone (l3on)
Leo Iannacone (l3on) on 2012-01-29
Changed in usbmuxd (Ubuntu Oneiric):
assignee: nobody → Leo Iannacone (l3on)
Changed in usbmuxd (Ubuntu Natty):
assignee: nobody → Leo Iannacone (l3on)
Leo Iannacone (l3on) on 2012-01-29
Changed in usbmuxd (Ubuntu Natty):
assignee: Leo Iannacone (l3on) → nobody
Changed in usbmuxd (Ubuntu Oneiric):
assignee: Leo Iannacone (l3on) → nobody
Changed in usbmuxd (Ubuntu Precise):
assignee: Leo Iannacone (l3on) → nobody
Changed in usbmuxd (Ubuntu Precise):
status: Confirmed → Fix Released
Jamie Strandboge (jdstrand) wrote :

Thanks for the update. The patch for Oneiric looks fine, but it does not conform to https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging. Since this is officially supported and easy to fix, I will update it and upload.

Changed in usbmuxd (Ubuntu Oneiric):
assignee: nobody → Jamie Strandboge (jdstrand)
status: Confirmed → In Progress
Changed in usbmuxd (Ubuntu Natty):
assignee: nobody → Jamie Strandboge (jdstrand)
status: Confirmed → In Progress
Jamie Strandboge (jdstrand) wrote :

Same for Natty.

Jamie Strandboge (jdstrand) wrote :

Uploaded to the security ppa.

Changed in usbmuxd (Ubuntu Natty):
status: In Progress → Fix Committed
Changed in usbmuxd (Ubuntu Oneiric):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package usbmuxd - 1.0.7-1ubuntu0.11.10.1

---------------
usbmuxd (1.0.7-1ubuntu0.11.10.1) oneiric-security; urgency=high

  * SECURITY UPDATE: fix possible buffer overflow
    - 90-cve-2012-0065.patch: use strncpy() instead of strcpy in
      libusbmuxd/libusbmuxd.c receive_packet() with a size that
      ensures we don't overflow dev->serial_number
    - CVE-2012-0065
    - LP: #919435
 -- Leo Iannacone <email address hidden> Sun, 29 Jan 2012 16:14:32 +0100

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package usbmuxd - 1.0.7-1ubuntu0.11.04.1

---------------
usbmuxd (1.0.7-1ubuntu0.11.04.1) natty-security; urgency=high

  * SECURITY UPDATE: fix possible buffer overflow
    - 90-cve-2012-0065.patch: use strncpy() instead of strcpy in
      libusbmuxd/libusbmuxd.c receive_packet() with a size that
      ensures we don't overflow dev->serial_number
    - CVE-2012-0065
    - LP: #919435
 -- Leo Iannacone <email address hidden> Sun, 29 Jan 2012 16:14:32 +0100

Changed in usbmuxd (Ubuntu Natty):
status: Fix Committed → Fix Released
Changed in usbmuxd (Ubuntu Oneiric):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.