REDHAT-BUG-1339988
First published: Thu May 26 2016(Updated: )
It was found that libimobiledevice and libusbmuxd libraries accidentally bound a listening IPv4 TCP socket to INADDR_ANY instead of INADDR_LOOPBACK. This socket is used to communicate with services on an iOS device. The impact is accidental exposure of the iOS device to attackers on the local network. The RHEL workstation itself is not exposed, nor is there an easy escalation for attackers to gain access to the host. Upstream patches: libusbmuxd: <a href="https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196">https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196</a> libimobiledevice: <a href="https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e">https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e</a> CVE request: <a href="http://seclists.org/oss-sec/2016/q2/410">http://seclists.org/oss-sec/2016/q2/410</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| libimobiledevice and libplist | ||
| libusbmuxd |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196
- https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e
- http://seclists.org/oss-sec/2016/q2/410
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1339990
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1339991
- http://seclists.org/oss-sec/2016/q2/415
- https://bugzilla.redhat.com/show_bug.cgi?id=1339988
Frequently Asked Questions
What is the severity of REDHAT-BUG-1339988?
The severity of REDHAT-BUG-1339988 is considered high as it exposes iOS devices to potential attacks from local network threats.
How do I fix REDHAT-BUG-1339988?
To fix REDHAT-BUG-1339988, update the libimobiledevice and libusbmuxd libraries to the latest patched versions provided by the vendor.
What systems are affected by REDHAT-BUG-1339988?
REDHAT-BUG-1339988 affects systems that use the libimobiledevice and libusbmuxd libraries for iOS device communication.
Is there a workaround for REDHAT-BUG-1339988?
A potential workaround for REDHAT-BUG-1339988 is to configure your firewall to block access to the affected services from the local network.
What is the impact of REDHAT-BUG-1339988?
The impact of REDHAT-BUG-1339988 is the accidental exposure of iOS devices to attackers on the local network due to inappropriate socket binding.
- agent/first-publish-date
- agent/type
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-5104
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/libimobiledevice
- canonical/libimobiledevice and libplist
- canonical/libusbmuxd