#VU6951 Access bypass in libimobiledevice and libusbmuxd - CVE-2016-5104


| Updated: 2017-06-07

Vulnerability identifier: #VU6951

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-5104

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libimobiledevice
Universal components / Libraries / Libraries used by multiple products
libusbmuxd
Universal components / Libraries / Libraries used by multiple products

Vendor: libimobiledevice

Description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an error in the socket_create function in common/socket.c in libimobiledevice and libusbmuxd. A remote attacker can connect to an IPv4 TCP socket, bypass intended access restrictions and communicate with services on iOS devices.

Successful exploitation of the vulnerability results in security bypass.

Mitigation
Update libusbmuxd to version 1.0.10-2.
Update libimobiledevice to version 1.2.0-4.

Vulnerable software versions

libimobiledevice: 1.2.0-3

libusbmuxd: 1.0.10-1

External links
https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e
https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Access bypass in libusbmuxd
Arch Linux update for libimobiledevice
Ubuntu update for libusbmuxd
Ubuntu update for libimobiledevice
SUSE Linux update for libimobiledevice
Fedora 22 update for libimobiledevice, libusbmuxd
Fedora 23 update for libimobiledevice, libusbmuxd
Fedora 24 update for libimobiledevice, libusbmuxd