Vulnerability Description
The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libimobiledevice | Libimobiledevice | <= 1.2.0 |
| Libimobiledevice | Libusbmuxd | <= 1.0.10 |
| Canonical | Ubuntu Linux | 14.04 |
| Opensuse | Leap | 42.1 |
| Opensuse | Opensuse | 13.2 |
References
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00042.html
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00029.html
- http://www.openwall.com/lists/oss-security/2016/05/26/1
- http://www.openwall.com/lists/oss-security/2016/05/26/6
- http://www.ubuntu.com/usn/USN-3026-1
- http://www.ubuntu.com/usn/USN-3026-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1339988
- https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad400
- https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed
- https://lists.debian.org/debian-lts-announce/2020/02/msg00027.html
- https://lists.debian.org/debian-lts-announce/2020/02/msg00028.html
FAQ
What is CVE-2016-5104?
CVE-2016-5104 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecti...
How severe is CVE-2016-5104?
CVE-2016-5104 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-5104?
Check the references section above for vendor advisories and patch information. Affected products include: Libimobiledevice Libimobiledevice, Libimobiledevice Libusbmuxd, Canonical Ubuntu Linux, Opensuse Leap, Opensuse Opensuse.