{"cve": [{"lastseen": "2021-02-02T06:28:08", "description": "The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2016-06-13T14:59:00", "title": "CVE-2016-5104", "type": "cve", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5104"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:libimobiledevice:libusbmuxd:1.0.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:opensuse:leap:42.1", "cpe:/a:libimobiledevice:libimobiledevice:1.2.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2016-5104", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5104", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:libimobiledevice:libimobiledevice:1.2.0:*:*:*:*:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:libimobiledevice:libusbmuxd:1.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5104"], "description": "libimobiledevice is a library for connecting to mobile devices including phones and music players ", "modified": "2016-05-28T18:35:09", "published": "2016-05-28T18:35:09", "id": "FEDORA:7DD4F60AEA80", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: libimobiledevice-1.2.0-7.fc24", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5104"], "description": "libusbmuxd is the client library used for communicating with Apple's iPod Touch, iPhone, iPad and Apple TV devices. It allows multiple services on the device to be accessed simultaneously. ", "modified": "2016-05-28T18:35:09", "published": "2016-05-28T18:35:09", "id": "FEDORA:6BF7460ABEEE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: libusbmuxd-1.0.10-5.fc24", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5104"], "description": "libusbmuxd is the client library used for communicating with Apple's iPod Touch, iPhone, iPad and Apple TV devices. It allows multiple services on the device to be accessed simultaneously. 
", "modified": "2016-05-31T02:54:24", "published": "2016-05-31T02:54:24", "id": "FEDORA:70C7960E657D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: libusbmuxd-1.0.10-5.fc23", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5104"], "description": "libimobiledevice is a library for connecting to mobile devices including phones and music players ", "modified": "2016-06-01T20:24:32", "published": "2016-06-01T20:24:32", "id": "FEDORA:0EE7160F0850", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: libimobiledevice-1.2.0-7.fc22", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5104"], "description": "libusbmuxd is the client library used for communicating with Apple's iPod Touch, iPhone, iPad and Apple TV devices. It allows multiple services on the device to be accessed simultaneously. 
", "modified": "2016-06-01T20:24:31", "published": "2016-06-01T20:24:31", "id": "FEDORA:4972B60CFA9D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: libusbmuxd-1.0.10-5.fc22", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-07T09:00:06", "description": "According to the version of the libimobiledevice package installed,\nthe EulerOS installation on the remote host is affected by the\nfollowing vulnerability :\n\n - libimobiledevice is a library for connecting to mobile\n devices including phones and music playersSecurity\n Fix(es):The socket_create function in common/socket.c\n in libimobiledevice and libusbmuxd allows remote\n attackers to bypass intended access restrictions and\n communicate with services on iOS devices by connecting\n to an IPv4 TCP socket.(CVE-2016-5104)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2019-11-08T00:00:00", "title": "EulerOS 2.0 SP3 : libimobiledevice (EulerOS-SA-2019-2258)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5104"], "modified": "2019-11-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libimobiledevice", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2258.NASL", "href": "https://www.tenable.com/plugins/nessus/130720", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130720);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-5104\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : 
libimobiledevice (EulerOS-SA-2019-2258)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libimobiledevice package installed,\nthe EulerOS installation on the remote host is affected by the\nfollowing vulnerability :\n\n - libimobiledevice is a library for connecting to mobile\n devices including phones and music playersSecurity\n Fix(es):The socket_create function in common/socket.c\n in libimobiledevice and libusbmuxd allows remote\n attackers to bypass intended access restrictions and\n communicate with services on iOS devices by connecting\n to an IPv4 TCP socket.(CVE-2016-5104)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2258\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c8bc2de0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libimobiledevice package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libimobiledevice\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libimobiledevice-1.1.5-6.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif 
(flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libimobiledevice\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T09:42:10", "description": "It was discovered that libusbmuxd incorrectly handled socket\npermissions. A remote attacker could use this issue to access services\non iOS devices, contrary to expectations.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n1.0.9-1+deb8u1.\n\nWe recommend that you upgrade your libusbmuxd packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 4, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2020-02-28T00:00:00", "title": "Debian DLA-2122-1 : libusbmuxd security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5104"], "modified": "2020-02-28T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:libusbmuxd-tools", "p-cpe:/a:debian:debian_linux:libusbmuxd2-dbg", "p-cpe:/a:debian:debian_linux:libusbmuxd-dev", "p-cpe:/a:debian:debian_linux:libusbmuxd2"], "id": "DEBIAN_DLA-2122.NASL", "href": "https://www.tenable.com/plugins/nessus/134125", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2122-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134125);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5104\");\n\n script_name(english:\"Debian DLA-2122-1 : libusbmuxd security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libusbmuxd incorrectly handled socket\npermissions. A remote attacker could use this issue to access services\non iOS devices, contrary to expectations.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n1.0.9-1+deb8u1.\n\nWe recommend that you upgrade your libusbmuxd packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/02/msg00028.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libusbmuxd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusbmuxd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusbmuxd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusbmuxd2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusbmuxd2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libusbmuxd-dev\", reference:\"1.0.9-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libusbmuxd-tools\", reference:\"1.0.9-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libusbmuxd2\", reference:\"1.0.9-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libusbmuxd2-dbg\", reference:\"1.0.9-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:14:26", "description": "Security fix for CVE-2016-5104\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-07-14T00:00:00", "title": "Fedora 22 : libimobiledevice / libusbmuxd (2016-80078b50d7)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5104"], "modified": "2016-07-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libusbmuxd", "cpe:/o:fedoraproject:fedora:22", 
"p-cpe:/a:fedoraproject:fedora:libimobiledevice"], "id": "FEDORA_2016-80078B50D7.NASL", "href": "https://www.tenable.com/plugins/nessus/92120", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-80078b50d7.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92120);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5104\");\n script_xref(name:\"FEDORA\", value:\"2016-80078b50d7\");\n\n script_name(english:\"Fedora 22 : libimobiledevice / libusbmuxd (2016-80078b50d7)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-5104\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-80078b50d7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libimobiledevice and / or libusbmuxd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libimobiledevice\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:libusbmuxd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"libimobiledevice-1.2.0-7.fc22\")) flag++;\nif (rpm_check(release:\"FC22\", reference:\"libusbmuxd-1.0.10-5.fc22\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libimobiledevice / libusbmuxd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:15:02", "description": "Security fix for CVE-2016-5104\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-07-14T00:00:00", "title": "Fedora 24 : libimobiledevice / libusbmuxd (2016-f10f7ee784)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5104"], "modified": "2016-07-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libusbmuxd", "cpe:/o:fedoraproject:fedora:24", "p-cpe:/a:fedoraproject:fedora:libimobiledevice"], "id": "FEDORA_2016-F10F7EE784.NASL", "href": "https://www.tenable.com/plugins/nessus/92196", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security 
Advisory FEDORA-2016-f10f7ee784.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92196);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5104\");\n script_xref(name:\"FEDORA\", value:\"2016-f10f7ee784\");\n\n script_name(english:\"Fedora 24 : libimobiledevice / libusbmuxd (2016-f10f7ee784)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-5104\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-f10f7ee784\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libimobiledevice and / or libusbmuxd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libimobiledevice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libusbmuxd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/28\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"libimobiledevice-1.2.0-7.fc24\")) flag++;\nif (rpm_check(release:\"FC24\", reference:\"libusbmuxd-1.0.10-5.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libimobiledevice / libusbmuxd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:14:46", "description": "Security fix for CVE-2016-5104\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-07-14T00:00:00", "title": "Fedora 23 : libimobiledevice / libusbmuxd (2016-c1df5311c4)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5104"], "modified": "2016-07-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libusbmuxd", "cpe:/o:fedoraproject:fedora:23", "p-cpe:/a:fedoraproject:fedora:libimobiledevice"], "id": "FEDORA_2016-C1DF5311C4.NASL", "href": "https://www.tenable.com/plugins/nessus/92151", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security 
Advisory FEDORA-2016-c1df5311c4.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92151);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5104\");\n script_xref(name:\"FEDORA\", value:\"2016-c1df5311c4\");\n\n script_name(english:\"Fedora 23 : libimobiledevice / libusbmuxd (2016-c1df5311c4)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-5104\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1df5311c4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libimobiledevice and / or libusbmuxd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libimobiledevice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libusbmuxd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/30\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"libimobiledevice-1.2.0-7.fc23\")) flag++;\nif (rpm_check(release:\"FC23\", reference:\"libusbmuxd-1.0.10-5.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libimobiledevice / libusbmuxd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T14:24:13", "description": "libimobiledevice, usbmuxd were updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2016-5104: Sockets listening on INADDR_ANY instead\n of only locally (982014).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-08-29T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : libimobiledevice, usbmuxd (SUSE-SU-2016:1639-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5104"], "modified": "2016-08-29T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:usbmuxd-debuginfo", "p-cpe:/a:novell:suse_linux:libimobiledevice-tools", "p-cpe:/a:novell:suse_linux:libimobiledevice4-debuginfo", "p-cpe:/a:novell:suse_linux:usbmuxd-debugsource", "p-cpe:/a:novell:suse_linux:usbmuxd", "p-cpe:/a:novell:suse_linux:libusbmuxd2", "p-cpe:/a:novell:suse_linux:libimobiledevice4", "p-cpe:/a:novell:suse_linux:libusbmuxd2-debuginfo", "p-cpe:/a:novell:suse_linux:libimobiledevice-tools-debuginfo", "p-cpe:/a:novell:suse_linux:libimobiledevice-debugsource"], "id": "SUSE_SU-2016-1639-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93162", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1639-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93162);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-5104\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libimobiledevice, usbmuxd (SUSE-SU-2016:1639-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"libimobiledevice, usbmuxd were updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2016-5104: Sockets listening on INADDR_ANY instead\n of only locally (982014).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5104/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161639-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3fea806e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP1-2016-973=1\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2016-973=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2016-973=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2016-973=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-973=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-973=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-973=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-973=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libimobiledevice-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libimobiledevice-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libimobiledevice-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libimobiledevice4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libimobiledevice4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libusbmuxd2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libusbmuxd2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:usbmuxd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:usbmuxd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:usbmuxd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is 
Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libimobiledevice-debugsource-1.1.5-6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libimobiledevice4-1.1.5-6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libimobiledevice4-debuginfo-1.1.5-6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libusbmuxd2-1.0.8-12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libusbmuxd2-debuginfo-1.0.8-12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"usbmuxd-1.0.8-12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"usbmuxd-debuginfo-1.0.8-12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"usbmuxd-debugsource-1.0.8-12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libimobiledevice-debugsource-1.1.5-6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libimobiledevice4-1.1.5-6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libimobiledevice4-debuginfo-1.1.5-6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libusbmuxd2-1.0.8-12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libusbmuxd2-debuginfo-1.0.8-12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"usbmuxd-1.0.8-12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"usbmuxd-debuginfo-1.0.8-12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"usbmuxd-debugsource-1.0.8-12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libimobiledevice-debugsource-1.1.5-6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libimobiledevice-tools-1.1.5-6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", 
cpu:\"x86_64\", reference:\"libimobiledevice-tools-debuginfo-1.1.5-6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libimobiledevice4-1.1.5-6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libimobiledevice4-debuginfo-1.1.5-6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libusbmuxd2-1.0.8-12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libusbmuxd2-debuginfo-1.0.8-12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"usbmuxd-1.0.8-12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"usbmuxd-debuginfo-1.0.8-12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"usbmuxd-debugsource-1.0.8-12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libimobiledevice-debugsource-1.1.5-6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libimobiledevice-tools-1.1.5-6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libimobiledevice-tools-debuginfo-1.1.5-6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libimobiledevice4-1.1.5-6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libimobiledevice4-debuginfo-1.1.5-6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libusbmuxd2-1.0.8-12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libusbmuxd2-debuginfo-1.0.8-12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"usbmuxd-1.0.8-12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"usbmuxd-debuginfo-1.0.8-12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", 
reference:\"usbmuxd-debugsource-1.0.8-12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libimobiledevice / usbmuxd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T12:30:33", "description": "This update for libimobiledevice, libusbmuxd fixes the following\nissues :\n\n - Add libimobiledevice-CVE-2016-5104.patch: Make sure\n sockets only listen locally (CVE-2016-5104, boo#982014).", "edition": 18, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-06-09T00:00:00", "title": "openSUSE Security Update : libimobiledevice / libusbmuxd (openSUSE-2016-698)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5104"], "modified": "2016-06-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libimobiledevice6-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libimobiledevice-debugsource", "p-cpe:/a:novell:opensuse:imobiledevice-tools-debuginfo", "p-cpe:/a:novell:opensuse:libusbmuxd4", "p-cpe:/a:novell:opensuse:libusbmuxd2", "p-cpe:/a:novell:opensuse:libimobiledevice-devel", "p-cpe:/a:novell:opensuse:libusbmuxd-devel", "p-cpe:/a:novell:opensuse:python-imobiledevice", "p-cpe:/a:novell:opensuse:libusbmuxd4-debuginfo", "p-cpe:/a:novell:opensuse:libimobiledevice6-debuginfo", "p-cpe:/a:novell:opensuse:iproxy-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:libusbmuxd2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libimobiledevice4", "p-cpe:/a:novell:opensuse:libimobiledevice4-debuginfo", "p-cpe:/a:novell:opensuse:libusbmuxd-debugsource", "p-cpe:/a:novell:opensuse:python-imobiledevice-debuginfo", "p-cpe:/a:novell:opensuse:libusbmuxd2-32bit", "p-cpe:/a:novell:opensuse:iproxy", "p-cpe:/a:novell:opensuse:libusbmuxd4-32bit", 
"p-cpe:/a:novell:opensuse:libimobiledevice4-32bit", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:libusbmuxd4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libimobiledevice6-32bit", "p-cpe:/a:novell:opensuse:libimobiledevice6", "p-cpe:/a:novell:opensuse:imobiledevice-tools", "p-cpe:/a:novell:opensuse:libimobiledevice4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libusbmuxd2-debuginfo"], "id": "OPENSUSE-2016-698.NASL", "href": "https://www.tenable.com/plugins/nessus/91533", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-698.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91533);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5104\");\n\n script_name(english:\"openSUSE Security Update : libimobiledevice / libusbmuxd (openSUSE-2016-698)\");\n script_summary(english:\"Check for the openSUSE-2016-698 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libimobiledevice, libusbmuxd fixes the following\nissues :\n\n - Add libimobiledevice-CVE-2016-5104.patch: Make sure\n sockets only listen locally (CVE-2016-5104, boo#982014).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982014\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libimobiledevice / libusbmuxd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:imobiledevice-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:imobiledevice-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iproxy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libimobiledevice-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libimobiledevice-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libimobiledevice4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libimobiledevice4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libimobiledevice4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libimobiledevice4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libimobiledevice6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libimobiledevice6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libimobiledevice6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libimobiledevice6-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libusbmuxd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libusbmuxd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libusbmuxd2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libusbmuxd2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libusbmuxd2-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libusbmuxd2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libusbmuxd4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libusbmuxd4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libusbmuxd4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libusbmuxd4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-imobiledevice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-imobiledevice-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = 
get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"imobiledevice-tools-1.1.6-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"imobiledevice-tools-debuginfo-1.1.6-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"iproxy-1.0.9-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"iproxy-debuginfo-1.0.9-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libimobiledevice-debugsource-1.1.6-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libimobiledevice-devel-1.1.6-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libimobiledevice4-1.1.6-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libimobiledevice4-debuginfo-1.1.6-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libusbmuxd-debugsource-1.0.9-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libusbmuxd-devel-1.0.9-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libusbmuxd2-1.0.9-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libusbmuxd2-debuginfo-1.0.9-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python-imobiledevice-1.1.6-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python-imobiledevice-debuginfo-1.1.6-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libimobiledevice4-32bit-1.1.6-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libimobiledevice4-debuginfo-32bit-1.1.6-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libusbmuxd2-32bit-1.0.9-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libusbmuxd2-debuginfo-32bit-1.0.9-2.3.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"imobiledevice-tools-1.2.0-6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"imobiledevice-tools-debuginfo-1.2.0-6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"iproxy-1.0.10-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"iproxy-debuginfo-1.0.10-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libimobiledevice-debugsource-1.2.0-6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libimobiledevice-devel-1.2.0-6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libimobiledevice6-1.2.0-6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libimobiledevice6-debuginfo-1.2.0-6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libusbmuxd-debugsource-1.0.10-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libusbmuxd-devel-1.0.10-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libusbmuxd4-1.0.10-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libusbmuxd4-debuginfo-1.0.10-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python-imobiledevice-1.2.0-6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python-imobiledevice-debuginfo-1.2.0-6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libimobiledevice6-32bit-1.2.0-6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libimobiledevice6-debuginfo-32bit-1.2.0-6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libusbmuxd4-32bit-1.0.10-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libusbmuxd4-debuginfo-32bit-1.0.10-4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imobiledevice-tools / imobiledevice-tools-debuginfo / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-03-01T07:31:13", "description": "It was discovered that libimobiledevice incorrectly handled socket\npermissions. A remote attacker could use this issue to access services\non iOS devices, contrary to expectations.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-07-06T00:00:00", "title": "Ubuntu 14.04 LTS / 15.10 / 16.04 LTS : libimobiledevice vulnerability (USN-3026-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5104"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:libimobiledevice6", "cpe:/o:canonical:ubuntu_linux:15.10", "p-cpe:/a:canonical:ubuntu_linux:libimobiledevice4", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3026-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91956", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3026-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91956);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-5104\");\n script_xref(name:\"USN\", value:\"3026-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 15.10 / 16.04 LTS : libimobiledevice vulnerability (USN-3026-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libimobiledevice incorrectly handled socket\npermissions. A remote attacker could use this issue to access services\non iOS devices, contrary to expectations.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3026-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libimobiledevice4 and / or libimobiledevice6\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libimobiledevice4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libimobiledevice6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|15\\.10|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 15.10 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libimobiledevice4\", pkgver:\"1.1.5+git20140313.bafe6a9e-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libimobiledevice4\", pkgver:\"1.1.6+dfsg-3.1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libimobiledevice6\", pkgver:\"1.2.0+dfsg-3~ubuntu0.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libimobiledevice4 / libimobiledevice6\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-03-01T07:31:13", "description": "It was discovered that libusbmuxd incorrectly handled socket\npermissions. 
A remote attacker could use this issue to access services\non iOS devices, contrary to expectations.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-07-06T00:00:00", "title": "Ubuntu 15.10 / 16.04 LTS : libusbmuxd vulnerability (USN-3026-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5104"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libusbmuxd4", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:15.10", "p-cpe:/a:canonical:ubuntu_linux:libusbmuxd2"], "id": "UBUNTU_USN-3026-2.NASL", "href": "https://www.tenable.com/plugins/nessus/91957", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3026-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91957);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-5104\");\n script_xref(name:\"USN\", value:\"3026-2\");\n\n script_name(english:\"Ubuntu 15.10 / 16.04 LTS : libusbmuxd vulnerability (USN-3026-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libusbmuxd incorrectly handled socket\npermissions. 
A remote attacker could use this issue to access services\non iOS devices, contrary to expectations.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3026-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libusbmuxd2 and / or libusbmuxd4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libusbmuxd2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libusbmuxd4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. 
/ NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(15\\.10|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 15.10 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libusbmuxd2\", pkgver:\"1.0.9-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libusbmuxd4\", pkgver:\"1.0.10-2ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libusbmuxd2 / libusbmuxd4\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T09:42:10", "description": "It was discovered that libimobiledevice incorrectly handled socket\npermissions. 
A remote attacker could use this issue to access services\non iOS devices, contrary to expectations.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n1.1.6+dfsg-3.1+deb8u1.\n\nWe recommend that you upgrade your libimobiledevice packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 4, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2020-02-28T00:00:00", "title": "Debian DLA-2121-1 : libimobiledevice security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5104"], "modified": "2020-02-28T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:python-imobiledevice", "p-cpe:/a:debian:debian_linux:libimobiledevice-dev", "p-cpe:/a:debian:debian_linux:libimobiledevice4", "p-cpe:/a:debian:debian_linux:libimobiledevice4-dbg", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:libimobiledevice-utils", "p-cpe:/a:debian:debian_linux:libimobiledevice-doc"], "id": "DEBIAN_DLA-2121.NASL", "href": "https://www.tenable.com/plugins/nessus/134124", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2121-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134124);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5104\");\n\n script_name(english:\"Debian DLA-2121-1 : libimobiledevice security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libimobiledevice incorrectly handled socket\npermissions. A remote attacker could use this issue to access services\non iOS devices, contrary to expectations.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n1.1.6+dfsg-3.1+deb8u1.\n\nWe recommend that you upgrade your libimobiledevice packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/02/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libimobiledevice\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimobiledevice-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimobiledevice-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimobiledevice-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimobiledevice4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimobiledevice4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-imobiledevice\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libimobiledevice-dev\", reference:\"1.1.6+dfsg-3.1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimobiledevice-doc\", reference:\"1.1.6+dfsg-3.1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimobiledevice-utils\", reference:\"1.1.6+dfsg-3.1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimobiledevice4\", reference:\"1.1.6+dfsg-3.1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimobiledevice4-dbg\", reference:\"1.1.6+dfsg-3.1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-imobiledevice\", reference:\"1.1.6+dfsg-3.1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:35:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5104"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-06-08T00:00:00", "id": "OPENVAS:1361412562310808416", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808416", "type": "openvas", 
"title": "Fedora Update for libusbmuxd FEDORA-2016-f10f7ee784", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libusbmuxd FEDORA-2016-f10f7ee784\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808416\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:34:45 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-5104\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libusbmuxd FEDORA-2016-f10f7ee784\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libusbmuxd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n 
script_tag(name:\"affected\", value:\"libusbmuxd on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-f10f7ee784\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRGHU2WF7WLXNDO3NO77DWSSAV66NTRR\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"libusbmuxd\", rpm:\"libusbmuxd~1.0.10~5.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-02T18:55:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5104"], "description": "The remote host is missing an update for the ", "modified": "2020-02-28T00:00:00", "published": "2020-02-28T00:00:00", "id": "OPENVAS:1361412562310892122", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892122", "type": "openvas", "title": "Debian LTS: Security Advisory for libusbmuxd (DLA-2122-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as 
published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892122\");\n script_version(\"2020-02-28T04:00:11+0000\");\n script_cve_id(\"CVE-2016-5104\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-02-28 04:00:11 +0000 (Fri, 28 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-28 04:00:11 +0000 (Fri, 28 Feb 2020)\");\n script_name(\"Debian LTS: Security Advisory for libusbmuxd (DLA-2122-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/02/msg00028.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2122-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/825554\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libusbmuxd'\n package(s) announced via the DLA-2122-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"It was discovered that libusbmuxd incorrectly handled socket\npermissions. A remote attacker could use this issue to access\nservices on iOS devices, contrary to expectations.\");\n\n script_tag(name:\"affected\", value:\"'libusbmuxd' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this problem has been fixed in version\n1.0.9-1+deb8u1.\n\nWe recommend that you upgrade your libusbmuxd packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libusbmuxd-dev\", ver:\"1.0.9-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libusbmuxd-tools\", ver:\"1.0.9-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libusbmuxd2\", ver:\"1.0.9-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libusbmuxd2-dbg\", ver:\"1.0.9-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-27T18:39:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5104"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192436", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192436", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libimobiledevice (EulerOS-SA-2019-2436)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective 
author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2436\");\n script_version(\"2020-01-23T12:56:42+0000\");\n script_cve_id(\"CVE-2016-5104\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:56:42 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:56:42 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libimobiledevice (EulerOS-SA-2019-2436)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2436\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2436\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 
'libimobiledevice' package(s) announced via the EulerOS-SA-2019-2436 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.(CVE-2016-5104)\");\n\n script_tag(name:\"affected\", value:\"'libimobiledevice' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libimobiledevice\", rpm:\"libimobiledevice~1.1.5~6.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-27T18:34:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5104"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192258", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192258", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libimobiledevice (EulerOS-SA-2019-2258)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# 
SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2258\");\n script_version(\"2020-01-23T12:43:09+0000\");\n script_cve_id(\"CVE-2016-5104\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:43:09 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:43:09 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libimobiledevice (EulerOS-SA-2019-2258)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2258\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2258\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libimobiledevice' 
package(s) announced via the EulerOS-SA-2019-2258 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.(CVE-2016-5104)\");\n\n script_tag(name:\"affected\", value:\"'libimobiledevice' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libimobiledevice\", rpm:\"libimobiledevice~1.1.5~6.h1\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5104"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-07-06T00:00:00", "id": "OPENVAS:1361412562310842821", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842821", "type": "openvas", "title": "Ubuntu Update for libusbmuxd USN-3026-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for libusbmuxd USN-3026-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks 
GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842821\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-07-06 05:25:50 +0200 (Wed, 06 Jul 2016)\");\n script_cve_id(\"CVE-2016-5104\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for libusbmuxd USN-3026-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libusbmuxd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that libusbmuxd\n incorrectly handled socket permissions. 
A remote attacker could use this issue\n to access services on iOS devices, contrary to expectations.\");\n script_tag(name:\"affected\", value:\"libusbmuxd on Ubuntu 16.04 LTS,\n Ubuntu 15.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3026-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3026-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(16\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libusbmuxd4:i386\", ver:\"1.0.10-2ubuntu0.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libusbmuxd4:amd64\", ver:\"1.0.10-2ubuntu0.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libusbmuxd2:amd64\", ver:\"1.0.9-1ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libusbmuxd2:i386\", ver:\"1.0.9-1ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5104"], "description": "The remote host is missing an update for 
the ", "modified": "2019-03-15T00:00:00", "published": "2016-06-08T00:00:00", "id": "OPENVAS:1361412562310808361", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808361", "type": "openvas", "title": "Fedora Update for libimobiledevice FEDORA-2016-c1df5311c4", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libimobiledevice FEDORA-2016-c1df5311c4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808361\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:40:55 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-5104\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libimobiledevice FEDORA-2016-c1df5311c4\");\n script_tag(name:\"summary\", value:\"The 
remote host is missing an update for the 'libimobiledevice'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libimobiledevice on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-c1df5311c4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYTZUAUD7CULBLQKQQXRERKIN2ZE3IQQ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"libimobiledevice\", rpm:\"libimobiledevice~1.2.0~7.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5104"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-06-08T00:00:00", "id": "OPENVAS:1361412562310808415", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808415", "type": "openvas", "title": "Fedora Update for libimobiledevice FEDORA-2016-f10f7ee784", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# 
Fedora Update for libimobiledevice FEDORA-2016-f10f7ee784\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808415\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:42:58 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-5104\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libimobiledevice FEDORA-2016-f10f7ee784\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libimobiledevice'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libimobiledevice on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n 
script_xref(name:\"FEDORA\", value:\"2016-f10f7ee784\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A7LRBPLVV5AB6KRCAIWZIEAE3IQV6TKV\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"libimobiledevice\", rpm:\"libimobiledevice~1.2.0~7.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5104"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-06-08T00:00:00", "id": "OPENVAS:1361412562310808362", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808362", "type": "openvas", "title": "Fedora Update for libusbmuxd FEDORA-2016-c1df5311c4", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libusbmuxd FEDORA-2016-c1df5311c4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808362\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:37:59 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-5104\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libusbmuxd FEDORA-2016-c1df5311c4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libusbmuxd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libusbmuxd on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-c1df5311c4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/COP2N6HNSSSRLSSIB2ZRMWTZLGPA7EEX\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security 
Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"libusbmuxd\", rpm:\"libusbmuxd~1.0.10~5.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5104"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-06-08T00:00:00", "id": "OPENVAS:1361412562310808315", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808315", "type": "openvas", "title": "Fedora Update for libusbmuxd FEDORA-2016-80078b50d7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libusbmuxd FEDORA-2016-80078b50d7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808315\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:27:52 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-5104\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libusbmuxd FEDORA-2016-80078b50d7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libusbmuxd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libusbmuxd on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-80078b50d7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DUJ4SF3XNUJJOSN62HSSIN4MDZUKKL6B\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"libusbmuxd\", rpm:\"libusbmuxd~1.0.10~5.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-02T18:54:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5104"], "description": "The remote host is missing an update for the ", "modified": "2020-02-28T00:00:00", "published": "2020-02-28T00:00:00", "id": "OPENVAS:1361412562310892121", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892121", "type": "openvas", "title": "Debian LTS: Security Advisory for libimobiledevice (DLA-2121-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892121\");\n script_version(\"2020-02-28T04:00:09+0000\");\n script_cve_id(\"CVE-2016-5104\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-02-28 04:00:09 +0000 (Fri, 28 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-28 04:00:09 +0000 (Fri, 28 Feb 2020)\");\n script_name(\"Debian LTS: Security Advisory for libimobiledevice (DLA-2121-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/02/msg00027.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2121-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/825553\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libimobiledevice'\n package(s) announced via the DLA-2121-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that libimobiledevice incorrectly handled socket\npermissions. 
A remote attacker could use this issue to access\nservices on iOS devices, contrary to expectations.\");\n\n script_tag(name:\"affected\", value:\"'libimobiledevice' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this problem has been fixed in version\n1.1.6+dfsg-3.1+deb8u1.\n\nWe recommend that you upgrade your libimobiledevice packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libimobiledevice-dev\", ver:\"1.1.6+dfsg-3.1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libimobiledevice-doc\", ver:\"1.1.6+dfsg-3.1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libimobiledevice-utils\", ver:\"1.1.6+dfsg-3.1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libimobiledevice4\", ver:\"1.1.6+dfsg-3.1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libimobiledevice4-dbg\", ver:\"1.1.6+dfsg-3.1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-imobiledevice\", ver:\"1.1.6+dfsg-3.1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "suse": [{"lastseen": "2016-09-04T12:09:51", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5104"], "description": "libimobiledevice, usbmuxd were updated to fix one security issue.\n\n This security issue was fixed:\n - CVE-2016-5104: Sockets listening on INADDR_ANY instead of only locally\n (982014).\n\n", "edition": 1, "modified": "2016-06-21T13:21:30", "published": "2016-06-21T13:21:30", "id": "SUSE-SU-2016:1639-1", 
"href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00042.html", "title": "Security update for libimobiledevice, usbmuxd (important)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:39:48", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5104"], "description": "It was discovered that libusbmuxd incorrectly handled socket permissions. \nA remote attacker could use this issue to access services on iOS devices, \ncontrary to expectations.", "edition": 5, "modified": "2016-07-05T00:00:00", "published": "2016-07-05T00:00:00", "id": "USN-3026-2", "href": "https://ubuntu.com/security/notices/USN-3026-2", "title": "libusbmuxd vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-02T11:43:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5104"], "description": "It was discovered that libimobiledevice incorrectly handled socket \npermissions. A remote attacker could use this issue to access services on \niOS devices, contrary to expectations.", "edition": 5, "modified": "2016-07-05T00:00:00", "published": "2016-07-05T00:00:00", "id": "USN-3026-1", "href": "https://ubuntu.com/security/notices/USN-3026-1", "title": "libimobiledevice vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2020-08-12T00:51:19", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5104"], "description": "Package : libusbmuxd\nVersion : 1.0.9-1+deb8u1\nCVE ID : CVE-2016-5104\nDebian Bug : 825554\n\nIt was discovered that libusbmuxd incorrectly handled socket\npermissions. 
A remote attacker could use this issue to access\nservices on iOS devices, contrary to expectations.\n\nFor Debian 8 "Jessie", this problem has been fixed in version\n1.0.9-1+deb8u1.\n\nWe recommend that you upgrade your libusbmuxd packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 5, "modified": "2020-02-27T22:09:44", "published": "2020-02-27T22:09:44", "id": "DEBIAN:DLA-2122-1:DCB54", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202002/msg00028.html", "title": "[SECURITY] [DLA 2122-1] libusbmuxd security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-08-12T01:09:01", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5104"], "description": "Package : libimobiledevice\nVersion : 1.1.6+dfsg-3.1+deb8u1\nCVE ID : CVE-2016-5104\nDebian Bug : 825553\n\nIt was discovered that libimobiledevice incorrectly handled socket\npermissions. 
A remote attacker could use this issue to access\nservices on iOS devices, contrary to expectations.\n\nFor Debian 8 "Jessie", this problem has been fixed in version\n1.1.6+dfsg-3.1+deb8u1.\n\nWe recommend that you upgrade your libimobiledevice packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 7, "modified": "2020-02-27T21:18:56", "published": "2020-02-27T21:18:56", "id": "DEBIAN:DLA-2121-1:FC773", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202002/msg00027.html", "title": "[SECURITY] [DLA 2121-1] libimobiledevice security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5104"], "description": "Arch Linux Security Advisory ASA-201701-34\n==========================================\n\nSeverity: Medium\nDate : 2017-01-27\nCVE-ID : CVE-2016-5104\nPackage : libimobiledevice\nType : access restriction bypass\nRemote : Yes\nLink : https://security.archlinux.org/AVG-8\n\nSummary\n=======\n\nThe package libimobiledevice before version 1.2.0-4 is vulnerable to\naccess restriction bypass.\n\nResolution\n==========\n\nUpgrade to 1.2.0-4.\n\n# pacman -Syu \"libimobiledevice>=1.2.0-4\"\n\nThe problem has been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nThe socket_create function in common/socket.c in libimobiledevice and\nlibusbmuxd allows remote attackers on the local network to bypass\nintended access restrictions and communicate with services on iOS\ndevices by connecting to an IPv4 TCP socket.\n\nImpact\n======\n\nA remote attacker on the local network is able to bypass access\nrestrictions and communicate with services on connected iOS 
devices.\n\nReferences\n==========\n\nhttp://www.openwall.com/lists/oss-security/2016/05/26/6\nhttps://security.archlinux.org/CVE-2016-5104", "modified": "2017-01-27T00:00:00", "published": "2017-01-27T00:00:00", "id": "ASA-201701-34", "href": "https://security.archlinux.org/ASA-201701-34", "type": "archlinux", "title": "[ASA-201701-34] libimobiledevice: access restriction bypass", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-09-22T18:36:43", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5104"], "description": "Arch Linux Security Advisory ASA-201706-5\n=========================================\n\nSeverity: Medium\nDate : 2017-06-05\nCVE-ID : CVE-2016-5104\nPackage : libusbmuxd\nType : access restriction bypass\nRemote : Yes\nLink : https://security.archlinux.org/AVG-7\n\nSummary\n=======\n\nThe package libusbmuxd before version 1.0.10-2 is vulnerable to access\nrestriction bypass.\n\nResolution\n==========\n\nUpgrade to 1.0.10-2.\n\n# pacman -Syu \"libusbmuxd>=1.0.10-2\"\n\nThe problem has been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nThe socket_create function in common/socket.c in libimobiledevice and\nlibusbmuxd allows remote attackers on the local network to bypass\nintended access restrictions and communicate with services on affected\ndevices by connecting to an IPv4 TCP socket.\n\nImpact\n======\n\nA remote attacker is able to interact with a USB-connected device by\nconnecting to an IPv4 TCP socket.\n\nReferences\n==========\n\nhttps://git.archlinux.org/svntogit/packages.git/tree/trunk/CVE-2016-5104.patch?h=packages/libusbmuxd&id=c83d2655d67eb78375b5c3173020b79c9751bb1d\nhttps://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196\nhttp://www.openwall.com/lists/oss-security/2016/05/26/6\nhttps://security.archlinux.org/CVE-2016-5104", "modified": "2017-06-05T00:00:00", "published": "2017-06-05T00:00:00", "id": 
"ASA-201706-5", "href": "https://security.archlinux.org/ASA-201706-5", "type": "archlinux", "title": "[ASA-201706-5] libusbmuxd: access restriction bypass", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "kitploit": [{"lastseen": "2020-12-08T15:24:54", "bulletinFamily": "tools", "cvelist": ["CVE-2016-3622", "CVE-2009-3546", "CVE-2016-5314", "CVE-2016-7176", "CVE-2016-4476", "CVE-2016-7420", "CVE-2016-3623", "CVE-2016-6306", "CVE-2016-3631", "CVE-2015-8668", "CVE-2016-3625", "CVE-2016-2183", "CVE-2016-3619", "CVE-2016-2178", "CVE-2016-5322", "CVE-2014-8127", "CVE-2016-3621", "CVE-2016-6302", "CVE-2016-3658", "CVE-2016-7177", "CVE-2016-3632", "CVE-2016-7180", "CVE-2016-2177", "CVE-2010-2596", "CVE-2016-7179", "CVE-2016-5104", "CVE-2016-3189", "CVE-2016-3620", "CVE-2015-8751", "CVE-2007-2756", "CVE-2016-6352", "CVE-2015-8683", "CVE-2016-5316", "CVE-2016-2180", "CVE-2016-5320", "CVE-2015-4695", "CVE-2007-3477", "CVE-2015-7313", "CVE-2016-3186", "CVE-2016-7175", "CVE-2016-5323", "CVE-2016-2181", "CVE-2016-6304", "CVE-2016-5315", "CVE-2014-8130", "CVE-2015-5203", "CVE-2015-7554", "CVE-2007-3472", "CVE-2016-3990", "CVE-2016-4477", "CVE-2016-3633", "CVE-2016-6223", "CVE-2007-0455", "CVE-2016-5317", "CVE-2016-3624", "CVE-2007-3473", "CVE-2015-4588", "CVE-2015-5221", "CVE-2016-6303", "CVE-2015-4696", "CVE-2016-5102", "CVE-2006-3376", "CVE-2016-2182", "CVE-2009-1364", "CVE-2016-5321", "CVE-2016-3634", "CVE-2016-3945", "CVE-2016-3991", "CVE-2016-5875", "CVE-2016-2179", "CVE-2016-7178", "CVE-2015-0848"], "description": "[  ](<https://4.bp.blogspot.com/-Uf2o3nvS9iI/V-iDG8z9gdI/AAAAAAAAGNQ/lMp_2XaKabgLXdkrp0YBjUx8yOnf0IZzwCLcB/s1600/archlinux-logo-dark.png>)\n\n \nAn utility like pkg-audit for Arch Linux. Based on Arch CVE Monitoring Team data \n \nUses data collected by the awesome [ Arch CVE Monitoring Team ](<https://wiki.archlinux.org/index.php/Arch_CVE_Monitoring_Team>) . 
\n \n** Installation ** \n \n** From AUR ** \nThe PKGBUILD is available [ on AUR ](<https://aur.archlinux.org/packages/arch-audit>) . \nAfter the installation just execute ` arch-audit ` . \n \n** From sources ** \n\n \n \n git clone https://github.com/ilpianista/arch-audit\n cd arch-audit\n cargo build\n cargo run\n\n \n** Example output ** \n\n \n \n $ arch-audit\n Package libwmf is affected by [\"CVE-2009-1364\", \"CVE-2006-3376\", \"CVE-2007-0455\", \"CVE-2007-2756\", \"CVE-2007-3472\", \"CVE-2007-3473\", \"CVE-2007-3477\", \"CVE-2009-3546\", \"CVE-2015-0848\", \"CVE-2015-4588\", \"CVE-2015-4695\", \"CVE-2015-4696\"]. VULNERABLE!\n Package libtiff is affected by [\"CVE-2016-5875\", \"CVE-2016-5314\", \"CVE-2016-5315\", \"CVE-2016-5316\", \"CVE-2016-5317\", \"CVE-2016-5320\", \"CVE-2016-5321\", \"CVE-2016-5322\", \"CVE-2016-5323\", \"CVE-2016-5102\", \"CVE-2016-3991\", \"CVE-2016-3990\", \"CVE-2016-3945\", \"CVE-2016-3658\", \"CVE-2016-3634\", \"CVE-2016-3633\", \"CVE-2016-3632\", \"CVE-2016-3631\", \"CVE-2016-3625\", \"CVE-2016-3624\", \"CVE-2016-3623\", \"CVE-2016-3622\", \"CVE-2016-3621\", \"CVE-2016-3620\", \"CVE-2016-3619\", \"CVE-2016-3186\", \"CVE-2015-8668\", \"CVE-2015-7313\", \"CVE-2014-8130\", \"CVE-2014-8127\", \"CVE-2010-2596\", \"CVE-2016-6223\"]. VULNERABLE!\n Package libtiff is affected by [\"CVE-2015-7554\", \"CVE-2015-8683\"]. VULNERABLE!\n Package jasper is affected by [\"CVE-2015-8751\"]. VULNERABLE!\n Package jasper is affected by [\"CVE-2015-5221\"]. VULNERABLE!\n Package jasper is affected by [\"CVE-2015-5203\"]. VULNERABLE!\n Package lib32-openssl is affected by [\"CVE-2016-2177\", \"CVE-2016-2178\", \"CVE-2016-2179\", \"CVE-2016-2180\", \"CVE-2016-2181\", \"CVE-2016-2182\", \"CVE-2016-2183\", \"CVE-2016-6302\", \"CVE-2016-6303\", \"CVE-2016-6304\", \"CVE-2016-6306\"]. 
Update to 1:1.0.2.i-1!\n Package wireshark-cli is affected by [\"CVE-2016-7180\", \"CVE-2016-7175\", \"CVE-2016-7176\", \"CVE-2016-7177\", \"CVE-2016-7178\", \"CVE-2016-7179\"]. Update to 2.2.0-1!\n Package wpa_supplicant is affected by [\"CVE-2016-4477\", \"CVE-2016-4476\"]. VULNERABLE!\n Package openssl is affected by [\"CVE-2016-2177\", \"CVE-2016-2178\", \"CVE-2016-2179\", \"CVE-2016-2180\", \"CVE-2016-2181\", \"CVE-2016-2182\", \"CVE-2016-2183\", \"CVE-2016-6302\", \"CVE-2016-6303\", \"CVE-2016-6304\", \"CVE-2016-6306\"]. Update to 1.0.2.i-1!\n Package crypto++ is affected by [\"CVE-2016-7420\"]. VULNERABLE!\n Package bzip2 is affected by [\"CVE-2016-3189\"]. VULNERABLE!\n Package libimobiledevice is affected by [\"CVE-2016-5104\"]. VULNERABLE!\n Package libusbmuxd is affected by [\"CVE-2016-5104\"]. VULNERABLE!\n Package gdk-pixbuf2 is affected by [\"CVE-2016-6352\"]. VULNERABLE!\n \n $ arch-audit --upgradable --quiet\n wireshark-cli>=2.2.0-1\n openssl>=1.0.2.i-1\n lib32-openssl>=1:1.0.2.i-1\n \n $ arch-audit -uf \"%n|%c\"\n openssl|CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306\n wireshark-cli|CVE-2016-7180,CVE-2016-7175,CVE-2016-7176,CVE-2016-7177,CVE-2016-7178,CVE-2016-7179\n lib32-openssl|CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306\n\n \n \n\n\n** [ Download arch-audit ](<https://github.com/ilpianista/arch-audit>) **\n", "edition": 18, "modified": "2016-10-15T14:30:02", "published": "2016-10-15T14:30:02", "id": "KITPLOIT:2973941148692546578", "href": "http://www.kitploit.com/2016/10/arch-audit-utility-like-pkg-audit-for.html", "title": "arch-audit - An utility like pkg-audit for Arch Linux", "type": "kitploit", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}