Vulnerabilities > CVE-2016-5104 - Improper Access Control vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Embedding Scripts within Scripts An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
- Signature Spoofing by Key Theft An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2016-C1DF5311C4.NASL description Security fix for CVE-2016-5104 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-07-14 plugin id 92151 published 2016-07-14 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92151 title Fedora 23 : libimobiledevice / libusbmuxd (2016-c1df5311c4) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2016-c1df5311c4. # include("compat.inc"); if (description) { script_id(92151); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-5104"); script_xref(name:"FEDORA", value:"2016-c1df5311c4"); script_name(english:"Fedora 23 : libimobiledevice / libusbmuxd (2016-c1df5311c4)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Security fix for CVE-2016-5104 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1df5311c4" ); script_set_attribute( attribute:"solution", value:"Update the affected libimobiledevice and / or libusbmuxd packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libimobiledevice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libusbmuxd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/13"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC23", reference:"libimobiledevice-1.2.0-7.fc23")) flag++; if (rpm_check(release:"FC23", reference:"libusbmuxd-1.0.10-5.fc23")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libimobiledevice / libusbmuxd"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2016-80078B50D7.NASL description Security fix for CVE-2016-5104 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-07-14 plugin id 92120 published 2016-07-14 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92120 title Fedora 22 : libimobiledevice / libusbmuxd (2016-80078b50d7) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2016-80078b50d7. # include("compat.inc"); if (description) { script_id(92120); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-5104"); script_xref(name:"FEDORA", value:"2016-80078b50d7"); script_name(english:"Fedora 22 : libimobiledevice / libusbmuxd (2016-80078b50d7)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Security fix for CVE-2016-5104 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-80078b50d7" ); script_set_attribute( attribute:"solution", value:"Update the affected libimobiledevice and / or libusbmuxd packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libimobiledevice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libusbmuxd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/13"); script_set_attribute(attribute:"patch_publication_date", value:"2016/06/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC22", reference:"libimobiledevice-1.2.0-7.fc22")) flag++; if (rpm_check(release:"FC22", reference:"libusbmuxd-1.0.10-5.fc22")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libimobiledevice / libusbmuxd"); }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2436.NASL description According to the version of the libimobiledevice package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.(CVE-2016-5104) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-04 plugin id 131590 published 2019-12-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131590 title EulerOS 2.0 SP2 : libimobiledevice (EulerOS-SA-2019-2436) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(131590); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07"); script_cve_id( "CVE-2016-5104" ); script_name(english:"EulerOS 2.0 SP2 : libimobiledevice (EulerOS-SA-2019-2436)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the libimobiledevice package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.(CVE-2016-5104) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2436 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3c78f248"); script_set_attribute(attribute:"solution", value: "Update the affected libimobiledevice package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/04"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libimobiledevice"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["libimobiledevice-1.1.5-6.h1"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libimobiledevice"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1639-1.NASL description libimobiledevice, usbmuxd were updated to fix one security issue. This security issue was fixed : - CVE-2016-5104: Sockets listening on INADDR_ANY instead of only locally (982014). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93162 published 2016-08-29 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93162 title SUSE SLED12 / SLES12 Security Update : libimobiledevice, usbmuxd (SUSE-SU-2016:1639-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:1639-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(93162); script_version("2.7"); script_cvs_date("Date: 2019/09/11 11:22:13"); script_cve_id("CVE-2016-5104"); script_name(english:"SUSE SLED12 / SLES12 Security Update : libimobiledevice, usbmuxd (SUSE-SU-2016:1639-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "libimobiledevice, usbmuxd were updated to fix one security issue. This security issue was fixed : - CVE-2016-5104: Sockets listening on INADDR_ANY instead of only locally (982014). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=982014" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5104/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20161639-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?3fea806e" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Workstation Extension 12-SP1 : zypper in -t patch SUSE-SLE-WE-12-SP1-2016-973=1 SUSE Linux Enterprise Workstation Extension 12 : zypper in -t patch SUSE-SLE-WE-12-2016-973=1 SUSE Linux Enterprise Software Development Kit 12-SP1 : zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-973=1 SUSE Linux Enterprise Software Development Kit 12 : zypper in -t patch SUSE-SLE-SDK-12-2016-973=1 SUSE Linux Enterprise Server 12-SP1 : zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-973=1 SUSE Linux Enterprise Server 12 : zypper in -t patch SUSE-SLE-SERVER-12-2016-973=1 SUSE Linux Enterprise Desktop 12-SP1 : zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-973=1 SUSE Linux Enterprise Desktop 12 : zypper in -t patch SUSE-SLE-DESKTOP-12-2016-973=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libimobiledevice-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libimobiledevice-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libimobiledevice-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libimobiledevice4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libimobiledevice4-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libusbmuxd2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libusbmuxd2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:usbmuxd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:usbmuxd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:usbmuxd-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/13"); script_set_attribute(attribute:"patch_publication_date", value:"2016/06/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0/1", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0/1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"1", reference:"libimobiledevice-debugsource-1.1.5-6.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libimobiledevice4-1.1.5-6.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libimobiledevice4-debuginfo-1.1.5-6.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libusbmuxd2-1.0.8-12.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libusbmuxd2-debuginfo-1.0.8-12.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"usbmuxd-1.0.8-12.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"usbmuxd-debuginfo-1.0.8-12.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"usbmuxd-debugsource-1.0.8-12.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libimobiledevice-debugsource-1.1.5-6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libimobiledevice4-1.1.5-6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libimobiledevice4-debuginfo-1.1.5-6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libusbmuxd2-1.0.8-12.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libusbmuxd2-debuginfo-1.0.8-12.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"usbmuxd-1.0.8-12.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"usbmuxd-debuginfo-1.0.8-12.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"usbmuxd-debugsource-1.0.8-12.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libimobiledevice-debugsource-1.1.5-6.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libimobiledevice-tools-1.1.5-6.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libimobiledevice-tools-debuginfo-1.1.5-6.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libimobiledevice4-1.1.5-6.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libimobiledevice4-debuginfo-1.1.5-6.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libusbmuxd2-1.0.8-12.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libusbmuxd2-debuginfo-1.0.8-12.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"usbmuxd-1.0.8-12.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"usbmuxd-debuginfo-1.0.8-12.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"usbmuxd-debugsource-1.0.8-12.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libimobiledevice-debugsource-1.1.5-6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libimobiledevice-tools-1.1.5-6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libimobiledevice-tools-debuginfo-1.1.5-6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libimobiledevice4-1.1.5-6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libimobiledevice4-debuginfo-1.1.5-6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libusbmuxd2-1.0.8-12.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libusbmuxd2-debuginfo-1.0.8-12.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"usbmuxd-1.0.8-12.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"usbmuxd-debuginfo-1.0.8-12.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"usbmuxd-debugsource-1.0.8-12.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libimobiledevice / usbmuxd"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-698.NASL description This update for libimobiledevice, libusbmuxd fixes the following issues : - Add libimobiledevice-CVE-2016-5104.patch: Make sure sockets only listen locally (CVE-2016-5104, boo#982014). last seen 2020-06-05 modified 2016-06-09 plugin id 91533 published 2016-06-09 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/91533 title openSUSE Security Update : libimobiledevice / libusbmuxd (openSUSE-2016-698) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2016-698. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(91533); script_version("2.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-5104"); script_name(english:"openSUSE Security Update : libimobiledevice / libusbmuxd (openSUSE-2016-698)"); script_summary(english:"Check for the openSUSE-2016-698 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for libimobiledevice, libusbmuxd fixes the following issues : - Add libimobiledevice-CVE-2016-5104.patch: Make sure sockets only listen locally (CVE-2016-5104, boo#982014)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=982014" ); script_set_attribute( attribute:"solution", value:"Update the affected libimobiledevice / libusbmuxd packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:imobiledevice-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:imobiledevice-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iproxy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iproxy-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libimobiledevice-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libimobiledevice-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libimobiledevice4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libimobiledevice4-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libimobiledevice4-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libimobiledevice4-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libimobiledevice6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libimobiledevice6-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libimobiledevice6-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libimobiledevice6-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libusbmuxd-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libusbmuxd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libusbmuxd2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libusbmuxd2-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libusbmuxd2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libusbmuxd2-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libusbmuxd4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libusbmuxd4-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libusbmuxd4-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libusbmuxd4-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-imobiledevice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-imobiledevice-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1"); script_set_attribute(attribute:"patch_publication_date", value:"2016/06/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.2|SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2 / 42.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.2", reference:"imobiledevice-tools-1.1.6-2.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"imobiledevice-tools-debuginfo-1.1.6-2.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"iproxy-1.0.9-2.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"iproxy-debuginfo-1.0.9-2.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libimobiledevice-debugsource-1.1.6-2.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libimobiledevice-devel-1.1.6-2.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libimobiledevice4-1.1.6-2.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libimobiledevice4-debuginfo-1.1.6-2.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libusbmuxd-debugsource-1.0.9-2.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libusbmuxd-devel-1.0.9-2.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libusbmuxd2-1.0.9-2.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libusbmuxd2-debuginfo-1.0.9-2.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"python-imobiledevice-1.1.6-2.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"python-imobiledevice-debuginfo-1.1.6-2.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libimobiledevice4-32bit-1.1.6-2.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libimobiledevice4-debuginfo-32bit-1.1.6-2.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libusbmuxd2-32bit-1.0.9-2.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libusbmuxd2-debuginfo-32bit-1.0.9-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"imobiledevice-tools-1.2.0-6.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"imobiledevice-tools-debuginfo-1.2.0-6.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"iproxy-1.0.10-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"iproxy-debuginfo-1.0.10-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libimobiledevice-debugsource-1.2.0-6.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libimobiledevice-devel-1.2.0-6.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libimobiledevice6-1.2.0-6.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libimobiledevice6-debuginfo-1.2.0-6.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libusbmuxd-debugsource-1.0.10-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libusbmuxd-devel-1.0.10-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libusbmuxd4-1.0.10-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libusbmuxd4-debuginfo-1.0.10-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"python-imobiledevice-1.2.0-6.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"python-imobiledevice-debuginfo-1.2.0-6.2") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libimobiledevice6-32bit-1.2.0-6.2") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libimobiledevice6-debuginfo-32bit-1.2.0-6.2") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libusbmuxd4-32bit-1.0.10-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libusbmuxd4-debuginfo-32bit-1.0.10-4.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "imobiledevice-tools / imobiledevice-tools-debuginfo / etc"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3026-1.NASL description It was discovered that libimobiledevice incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 91956 published 2016-07-06 reporter Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91956 title Ubuntu 14.04 LTS / 15.10 / 16.04 LTS : libimobiledevice vulnerability (USN-3026-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3026-2.NASL description It was discovered that libusbmuxd incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 91957 published 2016-07-06 reporter Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91957 title Ubuntu 15.10 / 16.04 LTS : libusbmuxd vulnerability (USN-3026-2) NASL family Fedora Local Security Checks NASL id FEDORA_2016-F10F7EE784.NASL description Security fix for CVE-2016-5104 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-07-14 plugin id 92196 published 2016-07-14 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92196 title Fedora 24 : libimobiledevice / libusbmuxd (2016-f10f7ee784) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2258.NASL description According to the version of the libimobiledevice package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - libimobiledevice is a library for connecting to mobile devices including phones and music playersSecurity Fix(es):The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.(CVE-2016-5104) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-11-08 plugin id 130720 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130720 title EulerOS 2.0 SP3 : libimobiledevice (EulerOS-SA-2019-2258) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-2121.NASL description It was discovered that libimobiledevice incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations. For Debian 8 last seen 2020-03-17 modified 2020-02-28 plugin id 134124 published 2020-02-28 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134124 title Debian DLA-2121-1 : libimobiledevice security update NASL family Debian Local Security Checks NASL id DEBIAN_DLA-2122.NASL description It was discovered that libusbmuxd incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations. For Debian 8 last seen 2020-03-17 modified 2020-02-28 plugin id 134125 published 2020-02-28 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134125 title Debian DLA-2122-1 : libusbmuxd security update
References
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00042.html
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00029.html
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00029.html
- http://www.openwall.com/lists/oss-security/2016/05/26/1
- http://www.openwall.com/lists/oss-security/2016/05/26/1
- http://www.openwall.com/lists/oss-security/2016/05/26/6
- http://www.openwall.com/lists/oss-security/2016/05/26/6
- http://www.ubuntu.com/usn/USN-3026-1
- http://www.ubuntu.com/usn/USN-3026-1
- http://www.ubuntu.com/usn/USN-3026-2
- http://www.ubuntu.com/usn/USN-3026-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1339988
- https://bugzilla.redhat.com/show_bug.cgi?id=1339988
- https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e
- https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e
- https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196
- https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196
- https://lists.debian.org/debian-lts-announce/2020/02/msg00027.html
- https://lists.debian.org/debian-lts-announce/2020/02/msg00027.html
- https://lists.debian.org/debian-lts-announce/2020/02/msg00028.html
- https://lists.debian.org/debian-lts-announce/2020/02/msg00028.html