Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201706-5 ======================================== Severity: Medium Date : 2017-06-05 CVE-ID : CVE-2016-5104 Package : libusbmuxd Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-7 Summary ====== The package libusbmuxd before version 1.0.10-2 is vulnerable to access restriction bypass. Resolution ========= Upgrade to 1.0.10-2. # pacman -Syu "libusbmuxd>=1.0.10-2" The problem has been fixed upstream but no release is available yet. Workaround ========= None. Description ========== The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers on the local network to bypass intended access restrictions and communicate with services on affected devices by connecting to an IPv4 TCP socket. Impact ===== A remote attacker is able to interact with a USB-connected device by connecting to a IPv4 TCP socket. References ========= https://gitlab.archlinux.org/explore/groups https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196 http://www.openwall.com/lists/oss-security/2016/05/26/6 https://security.archlinux.org/CVE-2016-5104