CVE-2016-5104: Improper Access Control in Libimobiledevice

Severity: 5.3 MEDIUM (NVD)
EPSS: 1.8% (top 17.37%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 13; Latest update May 14

Description

The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (8 packages)

Debian: libimobiledevice/libusbmuxd < 1.0.10-3+3
debian: debian/libusbmuxd < libimobiledevice 1.2.0+dfsg-3 (bookworm)
debian: debian/libimobiledevice < libimobiledevice 1.2.0+dfsg-3 (bookworm)
Debian: libimobiledevice/libimobiledevice < 1.2.0+dfsg-3+3

Also affects: Ubuntu Linux 14.04, 15.10, 16.04

🔴 Vulnerability Details (2)

GHSA: GHSA-v8rh-c9vm-p8g7: The socket_create function in common/socket (2022-05-14)
OSV: CVE-2016-5104: The socket_create function in common/socket (2016-06-13)

📋 Vendor Advisories (4)

Ubuntu: libusbmuxd vulnerability (2016-07-05)
Ubuntu: libimobiledevice vulnerability (2016-07-05)
Debian: CVE-2016-5104: libimobiledevice - The socket_create function in common/socket.c in libimobiledevice and libusbmuxd... (2016)
Red Hat: libimobiledevice: Sockets listening on INADDR_ANY (2015-12-29)

💬 Community (3)

Bugzilla: CVE-2016-5104 libimobiledevice: Sockets listening on INADDR_ANY (2016-05-26)
Bugzilla: CVE-2016-5104 libimobiledevice: Sockets listening on INADDR_ANY [fedora-all] (2016-05-26)
Bugzilla: CVE-2016-5104 libusbmuxd: libimobiledevice: Sockets listening on INADDR_ANY [fedora-all] (2016-05-26)