CVE-2016-5104
MEDIUMlibimobiledevice < 1.2.0 and libusbmuxd < 1.0.10 - Improper Access Control via IPv4 TCP Socket
Title source: llmDescription
The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.
References (11)
Core 11
Core References
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-06/msg00029.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1339988
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3026-1
Patch x_refsource_confirm
https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196
Patch x_refsource_confirm
https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/05/26/1
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00042.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3026-2
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/05/26/6
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/02/msg00027.html
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/02/msg00028.html
Scores
CVSS v3
5.3
EPSS
0.0175
EPSS Percentile
82.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-284
Status
published
Products (7)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
15.10
canonical/ubuntu_linux
16.04
libimobiledevice/libimobiledevice
< 1.2.0
libimobiledevice/libusbmuxd
< 1.0.10
opensuse/leap
42.1
opensuse/opensuse
13.2
Published
Jun 13, 2016
Tracked Since
Feb 18, 2026