ID OPENVAS:1361412562310863887 Type openvas Reporter Copyright (c) 2012 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for usbmuxd FEDORA-2012-1192
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_xref(name:"URL", value:"http://lists.fedoraproject.org/pipermail/package-announce/2012-February/073433.html");
script_oid("1.3.6.1.4.1.25623.1.0.863887");
script_tag(name:"cvss_base", value:"4.6");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_version("$Revision: 14223 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
script_tag(name:"creation_date", value:"2012-04-02 12:28:18 +0530 (Mon, 02 Apr 2012)");
script_cve_id("CVE-2012-0065");
script_xref(name:"FEDORA", value:"2012-1192");
script_name("Fedora Update for usbmuxd FEDORA-2012-1192");
script_tag(name:"summary", value:"The remote host is missing an update for the 'usbmuxd'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC16");
script_tag(name:"affected", value:"usbmuxd on Fedora 16");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "FC16")
{
if ((res = isrpmvuln(pkg:"usbmuxd", rpm:"usbmuxd~1.0.7~3.fc16", rls:"FC16")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310863887", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for usbmuxd FEDORA-2012-1192", "description": "The remote host is missing an update for the ", "published": "2012-04-02T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863887", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["2012-1192", "http://lists.fedoraproject.org/pipermail/package-announce/2012-February/073433.html"], "cvelist": ["CVE-2012-0065"], "lastseen": "2019-05-29T18:38:57", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-1192", "CVE-2012-0065"]}, {"type": "ubuntu", "idList": ["USN-1354-1"]}, {"type": "openvas", "idList": ["OPENVAS:840883", "OPENVAS:1361412562310840883", "OPENVAS:863745", "OPENVAS:71195", "OPENVAS:1361412562310863745", "OPENVAS:863887", "OPENVAS:136141256231071195", "OPENVAS:1361412562310831722", "OPENVAS:831722"]}, {"type": "nessus", "idList": ["FEDORA_2012-1213.NASL", "MANDRIVA_MDVSA-2013-133.NASL", "SUSE_11_4_IPROXY-120223.NASL", "OPENSUSE-2012-140.NASL", "FEDORA_2012-1192.NASL", "SUSE_11_USBMUXD-120223.NASL", "MANDRIVA_MDVSA-2012-133.NASL", "UBUNTU_USN-1354-1.NASL", "GENTOO_GLSA-201203-11.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12167", "SECURITYVULNS:DOC:27612"]}, {"type": "gentoo", "idList": ["GLSA-201203-11"]}, {"type": "fedora", "idList": ["FEDORA:4A62E211F0", "FEDORA:9AEEB211A8"]}], "modified": "2019-05-29T18:38:57", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2019-05-29T18:38:57", "rev": 2}, "vulnersScore": 6.1}, "pluginID": "1361412562310863887", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for usbmuxd FEDORA-2012-1192\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-February/073433.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863887\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:28:18 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-0065\");\n script_xref(name:\"FEDORA\", value:\"2012-1192\");\n script_name(\"Fedora Update for usbmuxd FEDORA-2012-1192\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'usbmuxd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"usbmuxd on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"usbmuxd\", rpm:\"usbmuxd~1.0.7~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T12:05:58", "description": "Heap-based buffer overflow in the receive_packet function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long SerialNumber field in a property list.", "edition": 3, "cvss3": {}, "published": "2012-10-06T21:55:00", "title": "CVE-2012-0065", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0065"], "modified": "2017-08-29T01:30:00", "cpe": ["cpe:/a:nikias_bassen:usbmuxd:1.0.5", "cpe:/a:nikias_bassen:usbmuxd:1.0.7", "cpe:/a:nikias_bassen:usbmuxd:1.0.6"], "id": "CVE-2012-0065", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0065", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:nikias_bassen:usbmuxd:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:nikias_bassen:usbmuxd:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:nikias_bassen:usbmuxd:1.0.7:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-09T01:39:26", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0065"], "description": "It was discovered that usbmuxd did not correctly perform bounds checking \nwhen processing the SerialNumber field of USB devices. An attacker with \nphysical access could use this to crash usbmuxd or potentially execute \narbitrary code as the 'usbmux' user.", "edition": 5, "modified": "2012-02-01T00:00:00", "published": "2012-02-01T00:00:00", "id": "USN-1354-1", "href": "https://ubuntu.com/security/notices/USN-1354-1", "title": "usbmuxd vulnerability", "type": "ubuntu", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-24T12:51:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0065"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201203-11.", "modified": "2017-07-07T00:00:00", "published": "2012-03-12T00:00:00", "id": "OPENVAS:71195", "href": "http://plugins.openvas.org/nasl.php?oid=71195", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201203-11 (usbmuxd)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A buffer overflow vulnerability in usbmuxd could result in the\n execution of arbitrary code.\";\ntag_solution = \"All usbmuxd users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-pda/usbmuxd-1.0.7-r1'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201203-11\nhttp://bugs.gentoo.org/show_bug.cgi?id=399409\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201203-11.\";\n\n \n \nif(description)\n{\n script_id(71195);\n script_cve_id(\"CVE-2012-0065\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:35 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201203-11 (usbmuxd)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"app-pda/usbmuxd\", unaffected: make_list(\"ge 1.0.7-r1\"), vulnerable: make_list(\"lt 1.0.7-r1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0065"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-02-21T00:00:00", "id": "OPENVAS:1361412562310863745", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863745", "type": "openvas", "title": "Fedora Update for usbmuxd FEDORA-2012-1213", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for usbmuxd FEDORA-2012-1213\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-February/073428.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863745\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:55:03 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2012-0065\");\n script_xref(name:\"FEDORA\", value:\"2012-1213\");\n script_name(\"Fedora Update for usbmuxd FEDORA-2012-1213\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'usbmuxd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"usbmuxd on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n if ((res = isrpmvuln(pkg:\"usbmuxd\", rpm:\"usbmuxd~1.0.7~3.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0065"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1354-1", "modified": "2019-03-13T00:00:00", "published": "2012-02-03T00:00:00", "id": "OPENVAS:1361412562310840883", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840883", "type": "openvas", "title": "Ubuntu Update for usbmuxd USN-1354-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1354_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for usbmuxd USN-1354-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1354-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840883\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-03 11:25:29 +0530 (Fri, 03 Feb 2012)\");\n script_cve_id(\"CVE-2012-0065\");\n script_xref(name:\"USN\", value:\"1354-1\");\n script_name(\"Ubuntu Update for usbmuxd USN-1354-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1354-1\");\n script_tag(name:\"affected\", value:\"usbmuxd on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that usbmuxd did not correctly perform bounds checking\n when processing the SerialNumber field of USB devices. An attacker with\n physical access could use this to crash usbmuxd or potentially execute\n arbitrary code as the 'usbmux' user.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libusbmuxd1\", ver:\"1.0.7-1ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0065"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-08-17T00:00:00", "id": "OPENVAS:1361412562310831722", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831722", "type": "openvas", "title": "Mandriva Update for usbmuxd MDVSA-2012:133 (usbmuxd)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for usbmuxd MDVSA-2012:133 (usbmuxd)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:133\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831722\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-17 10:23:08 +0530 (Fri, 17 Aug 2012)\");\n script_cve_id(\"CVE-2012-0065\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:133\");\n script_name(\"Mandriva Update for usbmuxd MDVSA-2012:133 (usbmuxd)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'usbmuxd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_2011\\.0\");\n script_tag(name:\"affected\", value:\"usbmuxd on Mandriva Linux 2011.0\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that usbmuxd did not correctly perform bounds\n checking when processing the SerialNumber field of USB devices. An\n attacker with physical access could use this to crash usbmuxd\n or potentially execute arbitrary code as the 'usbmux' user\n (CVE-2012-0065).\n\n The updated packages have been patched to correct this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libusbmuxd1\", rpm:\"libusbmuxd1~1.0.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libusbmuxd-devel\", rpm:\"libusbmuxd-devel~1.0.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"usbmuxd\", rpm:\"usbmuxd~1.0.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64usbmuxd1\", rpm:\"lib64usbmuxd1~1.0.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64usbmuxd-devel\", rpm:\"lib64usbmuxd-devel~1.0.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:57:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0065"], "description": "Check for the Version of usbmuxd", "modified": "2017-12-27T00:00:00", "published": "2012-02-21T00:00:00", "id": "OPENVAS:863745", "href": "http://plugins.openvas.org/nasl.php?oid=863745", "type": "openvas", "title": "Fedora Update for usbmuxd FEDORA-2012-1213", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for usbmuxd FEDORA-2012-1213\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"usbmuxd on Fedora 15\";\ntag_insight = \"usbmuxd is a daemon used for communicating with Apple's iPod Touch and iPhone\n devices. It allows multiple services on the device to be accessed\n simultaneously.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-February/073428.html\");\n script_id(863745);\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:55:03 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2012-0065\");\n script_xref(name: \"FEDORA\", value: \"2012-1213\");\n script_name(\"Fedora Update for usbmuxd FEDORA-2012-1213\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of usbmuxd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n if ((res = isrpmvuln(pkg:\"usbmuxd\", rpm:\"usbmuxd~1.0.7~3.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-03T10:56:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0065"], "description": "Check for the Version of usbmuxd", "modified": "2018-01-03T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:863887", "href": "http://plugins.openvas.org/nasl.php?oid=863887", "type": "openvas", "title": "Fedora Update for usbmuxd FEDORA-2012-1192", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for usbmuxd FEDORA-2012-1192\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"usbmuxd on Fedora 16\";\ntag_insight = \"usbmuxd is a daemon used for communicating with Apple's iPod Touch and iPhone\n devices. It allows multiple services on the device to be accessed\n simultaneously.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-February/073433.html\");\n script_id(863887);\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:28:18 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-0065\");\n script_xref(name: \"FEDORA\", value: \"2012-1192\");\n script_name(\"Fedora Update for usbmuxd FEDORA-2012-1192\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of usbmuxd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"usbmuxd\", rpm:\"usbmuxd~1.0.7~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:56:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0065"], "description": "Check for the Version of usbmuxd", "modified": "2017-12-28T00:00:00", "published": "2012-08-17T00:00:00", "id": "OPENVAS:831722", "href": "http://plugins.openvas.org/nasl.php?oid=831722", "type": "openvas", "title": "Mandriva Update for usbmuxd MDVSA-2012:133 (usbmuxd)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for usbmuxd MDVSA-2012:133 (usbmuxd)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that usbmuxd did not correctly perform bounds\n checking when processing the SerialNumber field of USB devices. An\n attacker with physical access could use this to crash usbmuxd\n or potentially execute arbitrary code as the 'usbmux' user\n (CVE-2012-0065).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"usbmuxd on Mandriva Linux 2011.0\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:133\");\n script_id(831722);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-17 10:23:08 +0530 (Fri, 17 Aug 2012)\");\n script_cve_id(\"CVE-2012-0065\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:133\");\n script_name(\"Mandriva Update for usbmuxd MDVSA-2012:133 (usbmuxd)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of usbmuxd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libusbmuxd1\", rpm:\"libusbmuxd1~1.0.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libusbmuxd-devel\", rpm:\"libusbmuxd-devel~1.0.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"usbmuxd\", rpm:\"usbmuxd~1.0.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64usbmuxd1\", rpm:\"lib64usbmuxd1~1.0.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64usbmuxd-devel\", rpm:\"lib64usbmuxd-devel~1.0.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:19:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0065"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1354-1", "modified": "2017-12-01T00:00:00", "published": "2012-02-03T00:00:00", "id": "OPENVAS:840883", "href": "http://plugins.openvas.org/nasl.php?oid=840883", "type": "openvas", "title": "Ubuntu Update for usbmuxd USN-1354-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1354_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for usbmuxd USN-1354-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that usbmuxd did not correctly perform bounds checking\n when processing the SerialNumber field of USB devices. An attacker with\n physical access could use this to crash usbmuxd or potentially execute\n arbitrary code as the 'usbmux' user.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1354-1\";\ntag_affected = \"usbmuxd on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1354-1/\");\n script_id(840883);\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-03 11:25:29 +0530 (Fri, 03 Feb 2012)\");\n script_cve_id(\"CVE-2012-0065\");\n script_xref(name: \"USN\", value: \"1354-1\");\n script_name(\"Ubuntu Update for usbmuxd USN-1354-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libusbmuxd1\", ver:\"1.0.7-1ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0065"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201203-11.", "modified": "2018-10-12T00:00:00", "published": "2012-03-12T00:00:00", "id": "OPENVAS:136141256231071195", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071195", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201203-11 (usbmuxd)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201203_11.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71195\");\n script_cve_id(\"CVE-2012-0065\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:35 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201203-11 (usbmuxd)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"A buffer overflow vulnerability in usbmuxd could result in the\n execution of arbitrary code.\");\n script_tag(name:\"solution\", value:\"All usbmuxd users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-pda/usbmuxd-1.0.7-r1'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201203-11\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=399409\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201203-11.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"app-pda/usbmuxd\", unaffected: make_list(\"ge 1.0.7-r1\"), vulnerable: make_list(\"lt 1.0.7-r1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:43", "bulletinFamily": "software", "cvelist": ["CVE-2012-0065"], "description": "==========================================================================\r\nUbuntu Security Notice USN-1354-1\r\nFebruary 01, 2012\r\n\r\nusbmuxd vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.10\r\n- Ubuntu 11.04\r\n\r\nSummary:\r\n\r\nusbmuxd could be made to crash or run programs if it received specially\r\ncrafted input.\r\n\r\nSoftware Description:\r\n- usbmuxd: USB multiplexor daemon for iPhone and iPod Touch devices\r\n\r\nDetails:\r\n\r\nIt was discovered that usbmuxd did not correctly perform bounds checking\r\nwhen processing the SerialNumber field of USB devices. An attacker with\r\nphysical access could use this to crash usbmuxd or potentially execute\r\narbitrary code as the 'usbmux' user.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.10:\r\n libusbmuxd1 1.0.7-1ubuntu0.11.10.1\r\n\r\nUbuntu 11.04:\r\n libusbmuxd1 1.0.7-1ubuntu0.11.04.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1354-1\r\n CVE-2012-0065\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/usbmuxd/1.0.7-1ubuntu0.11.10.1\r\n https://launchpad.net/ubuntu/+source/usbmuxd/1.0.7-1ubuntu0.11.04.1\r\n", "edition": 1, "modified": "2012-02-08T00:00:00", "published": "2012-02-08T00:00:00", "id": "SECURITYVULNS:DOC:27612", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27612", "title": "[USN-1354-1] usbmuxd vulnerability", "type": "securityvulns", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-0065"], "description": "Buffer overflow on USB device SerialNumber parsing.", "edition": 1, "modified": "2012-02-08T00:00:00", "published": "2012-02-08T00:00:00", "id": "SECURITYVULNS:VULN:12167", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12167", "title": "usbmuxd buffer overflow", "type": "securityvulns", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:19", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0065"], "description": "### Background\n\nusbmuxd is a USB multiplex daemon for use with Apple iPhone and iPod Touch devices. \n\n### Description\n\nThe \"receive_packet()\" function in libusbmuxd.c contains a boundary error when parsing the \"SerialNumber\" field of a USB device, which could cause a heap-based buffer overflow. \n\n### Impact\n\nAn attacker could gain physical access or entice a user to connect to a malicious USB device, possibly resulting in execution of arbitrary code with the privileges of the \"usbmux\" user. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll usbmuxd users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-pda/usbmuxd-1.0.7-r1\"", "edition": 1, "modified": "2012-03-06T00:00:00", "published": "2012-03-06T00:00:00", "id": "GLSA-201203-11", "href": "https://security.gentoo.org/glsa/201203-11", "type": "gentoo", "title": "usbmuxd: User-assisted execution of arbitrary code", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0065"], "description": "usbmuxd is a daemon used for communicating with Apple's iPod Touch and iPho ne devices. It allows multiple services on the device to be accessed simultaneously. ", "modified": "2012-02-17T23:53:07", "published": "2012-02-17T23:53:07", "id": "FEDORA:4A62E211F0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: usbmuxd-1.0.7-3.fc15", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0065"], "description": "usbmuxd is a daemon used for communicating with Apple's iPod Touch and iPho ne devices. It allows multiple services on the device to be accessed simultaneously. ", "modified": "2012-02-17T23:54:23", "published": "2012-02-17T23:54:23", "id": "FEDORA:9AEEB211A8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: usbmuxd-1.0.7-3.fc16", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T10:53:30", "description": "The remote host is affected by the vulnerability described in GLSA-201203-11\n(usbmuxd: User-assisted execution of arbitrary code)\n\n The 'receive_packet()' function in libusbmuxd.c contains a boundary\n error when parsing the 'SerialNumber' field of a USB device, which could\n cause a heap-based buffer overflow.\n \nImpact :\n\n An attacker could gain physical access or entice a user to connect to a\n malicious USB device, possibly resulting in execution of arbitrary code\n with the privileges of the 'usbmux' user.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 22, "published": "2012-03-06T00:00:00", "title": "GLSA-201203-11 : usbmuxd: User-assisted execution of arbitrary code", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0065"], "modified": "2012-03-06T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:usbmuxd"], "id": "GENTOO_GLSA-201203-11.NASL", "href": "https://www.tenable.com/plugins/nessus/58221", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201203-11.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58221);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-0065\");\n script_bugtraq_id(51573);\n script_xref(name:\"GLSA\", value:\"201203-11\");\n\n script_name(english:\"GLSA-201203-11 : usbmuxd: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201203-11\n(usbmuxd: User-assisted execution of arbitrary code)\n\n The 'receive_packet()' function in libusbmuxd.c contains a boundary\n error when parsing the 'SerialNumber' field of a USB device, which could\n cause a heap-based buffer overflow.\n \nImpact :\n\n An attacker could gain physical access or entice a user to connect to a\n malicious USB device, possibly resulting in execution of arbitrary code\n with the privileges of the 'usbmux' user.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201203-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All usbmuxd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-pda/usbmuxd-1.0.7-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:usbmuxd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-pda/usbmuxd\", unaffected:make_list(\"ge 1.0.7-r1\"), vulnerable:make_list(\"lt 1.0.7-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"usbmuxd\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:54:09", "description": "Updated usbmuxd packages fix security vulnerability :\n\nIt was discovered that usbmuxd did not correctly perform bounds\nchecking when processing the SerialNumber field of USB devices. An\nattacker with physical access could use this to crash usbmuxd or\npotentially execute arbitrary code as the 'usbmux' user\n(CVE-2012-0065).", "edition": 25, "published": "2013-04-20T00:00:00", "title": "Mandriva Linux Security Advisory : usbmuxd (MDVSA-2013:133)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0065"], "modified": "2013-04-20T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:usbmuxd", "p-cpe:/a:mandriva:linux:lib64usbmuxd-devel", "p-cpe:/a:mandriva:linux:lib64usbmuxd1"], "id": "MANDRIVA_MDVSA-2013-133.NASL", "href": "https://www.tenable.com/plugins/nessus/66145", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:133. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66145);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-0065\");\n script_bugtraq_id(51573);\n script_xref(name:\"MDVSA\", value:\"2013:133\");\n script_xref(name:\"MGASA\", value:\"2012-0228\");\n\n script_name(english:\"Mandriva Linux Security Advisory : usbmuxd (MDVSA-2013:133)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated usbmuxd packages fix security vulnerability :\n\nIt was discovered that usbmuxd did not correctly perform bounds\nchecking when processing the SerialNumber field of USB devices. An\nattacker with physical access could use this to crash usbmuxd or\npotentially execute arbitrary code as the 'usbmux' user\n(CVE-2012-0065).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected lib64usbmuxd-devel, lib64usbmuxd1 and / or usbmuxd\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64usbmuxd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64usbmuxd1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:usbmuxd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64usbmuxd-devel-1.0.7-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64usbmuxd1-1.0.7-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"usbmuxd-1.0.7-3.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:53:49", "description": "It was discovered that usbmuxd did not correctly perform bounds\nchecking when processing the SerialNumber field of USB devices. An\nattacker with physical access could use this to crash usbmuxd or\npotentially execute arbitrary code as the 'usbmux' user\n(CVE-2012-0065).\n\nThe updated packages have been patched to correct this issue.", "edition": 25, "published": "2012-09-06T00:00:00", "title": "Mandriva Linux Security Advisory : usbmuxd (MDVSA-2012:133)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0065"], "modified": "2012-09-06T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:usbmuxd", "p-cpe:/a:mandriva:linux:libusbmuxd-devel", "p-cpe:/a:mandriva:linux:lib64usbmuxd-devel", "p-cpe:/a:mandriva:linux:libusbmuxd1", "p-cpe:/a:mandriva:linux:lib64usbmuxd1"], "id": "MANDRIVA_MDVSA-2012-133.NASL", "href": "https://www.tenable.com/plugins/nessus/61981", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:133. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61981);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-0065\");\n script_bugtraq_id(51573);\n script_xref(name:\"MDVSA\", value:\"2012:133\");\n\n script_name(english:\"Mandriva Linux Security Advisory : usbmuxd (MDVSA-2012:133)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that usbmuxd did not correctly perform bounds\nchecking when processing the SerialNumber field of USB devices. An\nattacker with physical access could use this to crash usbmuxd or\npotentially execute arbitrary code as the 'usbmux' user\n(CVE-2012-0065).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64usbmuxd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64usbmuxd1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libusbmuxd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libusbmuxd1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:usbmuxd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64usbmuxd-devel-1.0.7-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64usbmuxd1-1.0.7-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libusbmuxd-devel-1.0.7-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libusbmuxd1-1.0.7-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"usbmuxd-1.0.7-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:57", "description": "Fixes CVE-2012-0065\n\nIt was discovered that usbmuxd did not correctly perform bounds\nchecking when processing the SerialNumber field of USB devices. An\nattacker with physical access could use this to crash usbmuxd or\npotentially execute arbitrary code as the 'usbmux' user.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2012-02-20T00:00:00", "title": "Fedora 16 : usbmuxd-1.0.7-3.fc16 (2012-1192)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0065"], "modified": "2012-02-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:usbmuxd", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-1192.NASL", "href": "https://www.tenable.com/plugins/nessus/58013", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-1192.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58013);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0065\");\n script_bugtraq_id(51573);\n script_xref(name:\"FEDORA\", value:\"2012-1192\");\n\n script_name(english:\"Fedora 16 : usbmuxd-1.0.7-3.fc16 (2012-1192)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2012-0065\n\nIt was discovered that usbmuxd did not correctly perform bounds\nchecking when processing the SerialNumber field of USB devices. An\nattacker with physical access could use this to crash usbmuxd or\npotentially execute arbitrary code as the 'usbmux' user.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=783523\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/073433.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16c74988\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected usbmuxd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:usbmuxd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"usbmuxd-1.0.7-3.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"usbmuxd\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:57", "description": "Fixes CVE-2012-0065\n\nIt was discovered that usbmuxd did not correctly perform bounds\nchecking when processing the SerialNumber field of USB devices. An\nattacker with physical access could use this to crash usbmuxd or\npotentially execute arbitrary code as the 'usbmux' user.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2012-02-20T00:00:00", "title": "Fedora 15 : usbmuxd-1.0.7-3.fc15 (2012-1213)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0065"], "modified": "2012-02-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:usbmuxd", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-1213.NASL", "href": "https://www.tenable.com/plugins/nessus/58014", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-1213.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58014);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0065\");\n script_bugtraq_id(51573);\n script_xref(name:\"FEDORA\", value:\"2012-1213\");\n\n script_name(english:\"Fedora 15 : usbmuxd-1.0.7-3.fc15 (2012-1213)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2012-0065\n\nIt was discovered that usbmuxd did not correctly perform bounds\nchecking when processing the SerialNumber field of USB devices. An\nattacker with physical access could use this to crash usbmuxd or\npotentially execute arbitrary code as the 'usbmux' user.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=783523\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/073428.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f90f992\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected usbmuxd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:usbmuxd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"usbmuxd-1.0.7-3.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"usbmuxd\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:37:20", "description": "It was discovered that usbmuxd did not correctly perform bounds\nchecking when processing the SerialNumber field of USB devices. An\nattacker with physical access could use this to crash usbmuxd or\npotentially execute arbitrary code as the 'usbmux' user.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2012-02-02T00:00:00", "title": "Ubuntu 11.04 / 11.10 : usbmuxd vulnerability (USN-1354-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0065"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libusbmuxd1", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:11.04"], "id": "UBUNTU_USN-1354-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57790", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1354-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57790);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2012-0065\");\n script_bugtraq_id(51573);\n script_xref(name:\"USN\", value:\"1354-1\");\n\n script_name(english:\"Ubuntu 11.04 / 11.10 : usbmuxd vulnerability (USN-1354-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that usbmuxd did not correctly perform bounds\nchecking when processing the SerialNumber field of USB devices. An\nattacker with physical access could use this to crash usbmuxd or\npotentially execute arbitrary code as the 'usbmux' user.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1354-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libusbmuxd1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libusbmuxd1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libusbmuxd1\", pkgver:\"1.0.7-1ubuntu0.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libusbmuxd1\", pkgver:\"1.0.7-1ubuntu0.11.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libusbmuxd1\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:24:24", "description": "usbmuxd was prone to a buffer overflow vulnerability", "edition": 15, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : usbmuxd (openSUSE-2012-140)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0065"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libusbmuxd1-debuginfo", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:libusbmuxd-devel", "p-cpe:/a:novell:opensuse:iproxy-debuginfo", "p-cpe:/a:novell:opensuse:libusbmuxd1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:usbmuxd-debuginfo", "p-cpe:/a:novell:opensuse:libusbmuxd1-32bit", "p-cpe:/a:novell:opensuse:usbmuxd-debugsource", "p-cpe:/a:novell:opensuse:iproxy", "p-cpe:/a:novell:opensuse:libusbmuxd1", "p-cpe:/a:novell:opensuse:usbmuxd", "p-cpe:/a:novell:opensuse:usbmuxd-debuginfo-32bit"], "id": "OPENSUSE-2012-140.NASL", "href": "https://www.tenable.com/plugins/nessus/74561", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-140.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74561);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0065\");\n\n script_name(english:\"openSUSE Security Update : usbmuxd (openSUSE-2012-140)\");\n script_summary(english:\"Check for the openSUSE-2012-140 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"usbmuxd was prone to a buffer overflow vulnerability\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=742546\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected usbmuxd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iproxy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libusbmuxd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libusbmuxd1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libusbmuxd1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libusbmuxd1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libusbmuxd1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:usbmuxd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:usbmuxd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:usbmuxd-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:usbmuxd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"iproxy-1.0.7-6.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"iproxy-debuginfo-1.0.7-6.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libusbmuxd-devel-1.0.7-6.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libusbmuxd1-1.0.7-6.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libusbmuxd1-debuginfo-1.0.7-6.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"usbmuxd-1.0.7-6.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"usbmuxd-debuginfo-1.0.7-6.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"usbmuxd-debugsource-1.0.7-6.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libusbmuxd1-32bit-1.0.7-6.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libusbmuxd1-debuginfo-32bit-1.0.7-6.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"usbmuxd-debuginfo-32bit-1.0.7-6.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"iproxy / iproxy-debuginfo / libusbmuxd-devel / libusbmuxd1 / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:41:56", "description": "This update of usbmuxd fixes a heap-based buffer overflow which could\nbe triggered via an overly long 'SerialNumber' field. (CVE-2012-0065)", "edition": 18, "published": "2012-03-12T00:00:00", "title": "SuSE 11.2 Security Update : usbmuxd (SAT Patch Number 5871)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0065"], "modified": "2012-03-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:usbmuxd", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_USBMUXD-120223.NASL", "href": "https://www.tenable.com/plugins/nessus/58317", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58317);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0065\");\n\n script_name(english:\"SuSE 11.2 Security Update : usbmuxd (SAT Patch Number 5871)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of usbmuxd fixes a heap-based buffer overflow which could\nbe triggered via an overly long 'SerialNumber' field. (CVE-2012-0065)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=742546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0065.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5871.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:usbmuxd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"usbmuxd-1.0.7-5.10.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"usbmuxd-1.0.7-5.10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:36:11", "description": "This update of usbmuxd fixes a heap-based buffer overflow which could\nbe triggered via an overly long 'SerialNumber' field (CVE-2012-0065).", "edition": 20, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : iproxy (openSUSE-SU-2012:0345-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0065"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libusbmuxd1-debuginfo", "p-cpe:/a:novell:opensuse:libusbmuxd-devel", "p-cpe:/a:novell:opensuse:iproxy-debuginfo", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:usbmuxd-debuginfo", "p-cpe:/a:novell:opensuse:usbmuxd-debugsource", "p-cpe:/a:novell:opensuse:iproxy", "p-cpe:/a:novell:opensuse:libusbmuxd1", "p-cpe:/a:novell:opensuse:usbmuxd"], "id": "SUSE_11_4_IPROXY-120223.NASL", "href": "https://www.tenable.com/plugins/nessus/75867", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update iproxy-5868.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75867);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0065\");\n\n script_name(english:\"openSUSE Security Update : iproxy (openSUSE-SU-2012:0345-1)\");\n script_summary(english:\"Check for the iproxy-5868 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of usbmuxd fixes a heap-based buffer overflow which could\nbe triggered via an overly long 'SerialNumber' field (CVE-2012-0065).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=742546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-03/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected iproxy packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iproxy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libusbmuxd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libusbmuxd1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libusbmuxd1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:usbmuxd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:usbmuxd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:usbmuxd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"iproxy-1.0.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"iproxy-debuginfo-1.0.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libusbmuxd-devel-1.0.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libusbmuxd1-1.0.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libusbmuxd1-debuginfo-1.0.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"usbmuxd-1.0.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"usbmuxd-debuginfo-1.0.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"usbmuxd-debugsource-1.0.7-3.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"usbmuxd\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}]}
