Executive Summary

Summary
Title KCodes NetUSB kernel driver is vulnerable to buffer overflow
Informations
Name VU#177092 First vendor Publication 2015-05-19
Vendor VU-CERT Last vendor Modification 2015-06-05
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#177092

KCodes NetUSB kernel driver is vulnerable to buffer overflow

Original Release date: 19 May 2015 | Last revised: 05 Jun 2015

Overview

KCodes NetUSB is vulnerable to a buffer overflow via the network that may result in a denial of service or code execution.

Description

KCodes NetUSB is a Linux kernel module that provides USB over IP. It is used to provide USB device sharing on a home user network.

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2015-3036

According to the reporter, computer client data provided when connecting to the NetUSB server is not properly validated by the driver before processing, resulting in a buffer overflow that may lead to a denial of service or code execution. More information can be found in SEC Consult's advisory.

The NetUSB driver provided by KCodes has been integrated into several vendors' products. For more information, please see the Vendor Information section below.

CERT/CC has been unable to confirm this information directly with KCodes.

Impact

According to the reporter, an unauthenticated attacker on the local network can trigger a buffer overflow that may result in a denial of service or code execution. Some device default configurations may allow a remote attacker as well.

Solution

Update the firmware

Refer to the Vendor Information section below and contact your vendor for firmware update information.

Affected users may also consider the following workarounds:

Disable device sharing

Consult your device's vendor and documentation as some devices may allow disabling the USB device sharing service on your network.

Block port 20005

Blocking port 20005 on the local network may help mitigate this attack by preventing access to the service.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
D-Link Systems, Inc.Affected10 Apr 201522 May 2015
KCodesAffected06 Apr 201508 Apr 2015
Netgear, Inc.Affected10 Apr 201505 Jun 2015
TP-LINKAffected10 Apr 201518 May 2015
TRENDnetAffected10 Apr 201527 May 2015
ZyXELAffected10 Apr 201522 May 2015
Ambir TechnologiesNot Affected10 Apr 201521 May 2015
PeplinkNot Affected-01 Jun 2015
ALLNET GmbHUnknown15 Apr 201515 Apr 2015
AsanteUnknown15 Apr 201515 Apr 2015
CiscoUnknown29 Apr 201529 Apr 2015
DigitusUnknown15 Apr 201515 Apr 2015
Edimax Computer CompanyUnknown10 Apr 201510 Apr 2015
Encore ElectronicsUnknown10 Apr 201510 Apr 2015
IOGEARUnknown15 Apr 201515 Apr 2015
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

GroupScoreVector
Base5.7AV:A/AC:M/Au:N/C:N/I:N/A:C
Temporal4.9E:POC/RL:W/RC:C
Environmental3.7CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150519-0_KCodes_NetUSB_Kernel_Stack_Buffer_Overflow_v10.txt
  • http://blog.sec-consult.com/2015/05/kcodes-netusb-how-small-taiwanese.html

Credit

Thanks to Stefan Viehboeck of SEC Consult Vulnerability Lab for reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs:CVE-2015-3036
  • Date Public:19 May 2015
  • Date First Published:19 May 2015
  • Date Last Updated:05 Jun 2015
  • Document Revision:95

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/177092

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
Date Informations
2015-06-05 17:24:48
  • Multiple Updates
2015-05-27 17:25:17
  • Multiple Updates
2015-05-22 21:27:30
  • Multiple Updates
2015-05-22 17:24:58
  • Multiple Updates
2015-05-22 05:32:24
  • Multiple Updates
2015-05-21 21:25:52
  • Multiple Updates
2015-05-21 09:33:39
  • Multiple Updates
2015-05-19 21:25:16
  • Multiple Updates
2015-05-19 17:24:41
  • First insertion