May 26 2015

Security: NetUSB Vulnerability Brings Back the 90s

Austria-based pentesting company SEC Consult Vulnerability Lab warns of a critical vulnerability in the NetUSB technology developed by KCodes, a Taiwanese vendor of network devices and related software. NetUSB is used to implement "USB over IP" functionality in larger networks and enables workforces to access printers, external HDDs or speakers as though they were locally connected peripherals. According to SEC Consult, the vulnerability could affect routers from up to 26 manufacturers, including leading firms such as D-Link and Netgear.

More precisely, NetUSB works as follows: "USB devices [...] plugged into a Linux-based embedded system (e.g. a router, an access point or a dedicated 'USB over IP' box) are made available via the network using a Linux kernel driver that launches a server (TCP port 20005)," says the SEC Consult Blog. The "embedded system" (router or AP) then connects to a client running Windows or Mac OS X and may start to wreak havoc due to a flawed authentication process: To establish a connection the client and the server side have to undergo a mutual authentication check (with identical static AES keys on either side, which is already problematic enough). When the connection is initiated, the client tells the server its computer name – and "[b]ecause of insufficient input validation, an overly long computer name can be used to overflow the 'computer name' kernel stack buffer," writes SEC Consult analyst Stefan Viehböck in his advisory. "This results in memory corruption which can be turned into arbitrary remote code execution."
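The input validation whose absence the advisory describes, sketched as a bounds-checked parser in C. This is an added example, not NetUSB or SEC Consult code; the wire format (a 4-byte little-endian length prefix), the 64-byte `NAME_BUF_LEN` and the names `parse_computer_name` and `try_name` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NAME_BUF_LEN 64 /* assumed destination size; the article gives none */
enum { NAME_OK = 0, NAME_SHORT_MSG = -1, NAME_TOO_LONG = -2, NAME_BAD_BYTE = -3 };

/* Constructed wire format (an assumption): 4-byte little-endian length,
 * followed by that many bytes of computer name. */
int parse_computer_name(const uint8_t *msg, size_t msg_len, char out[NAME_BUF_LEN])
{
    if (msg_len < 4)
        return NAME_SHORT_MSG;
    uint32_t declared = (uint32_t)msg[0] | ((uint32_t)msg[1] << 8) |
                        ((uint32_t)msg[2] << 16) | ((uint32_t)msg[3] << 24);

    /* The peer chooses this length, so bound it by the destination
     * buffer (keeping one byte for the terminator) before any copy. */
    if (declared >= NAME_BUF_LEN)
        return NAME_TOO_LONG;
    /* The peer must also have sent as many bytes as it declared. */
    if (declared > msg_len - 4)
        return NAME_SHORT_MSG;
    /* Accept printable ASCII only: no embedded NUL or control bytes. */
    for (uint32_t i = 0; i < declared; i++)
        if (msg[4 + i] < 0x20 || msg[4 + i] > 0x7e)
            return NAME_BAD_BYTE;

    memcpy(out, msg + 4, declared);
    out[declared] = '\0';
    return NAME_OK;
}

/* Constructed input: declares `declared` bytes, carries `sent` bytes of 'A'. */
int try_name(uint32_t declared, size_t sent)
{
    uint8_t msg[4 + 512] = { (uint8_t)declared, (uint8_t)(declared >> 8),
                             (uint8_t)(declared >> 16), (uint8_t)(declared >> 24) };
    char name[NAME_BUF_LEN];
    size_t n = sent > 512 ? 512 : sent;
    memset(msg + 4, 'A', n);
    return parse_computer_name(msg, 4 + n, name);
}

int main(void)
{
    /* Exit 0 when a short name passes and an oversized one is refused. */
    return !(try_name(9, 9) == NAME_OK && try_name(300, 300) == NAME_TOO_LONG);
}
```

The order of the checks matters: the declared length is compared with the destination size first, so no copy is attempted for a name that cannot fit.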

SEC Consult initially found the vulnerability in a device manufactured by Chinese router specialist TP-LINK. Upon digging deeper, Viehböck discovered that the dangerous driver – aptly dubbed NetUSB.ko – not only resides in TP-LINK's router firmware, but also in software images from D-Link, Netgear, TRENDnet, and ZyXEL. Altogether, the analyst and his team found that 92 products contained the perilous NetUSB code. A detailed list can be found in the advisory linked above, which also includes the names of manufacturers whose network devices could be affected, but were not explicitly tested by SEC Consult. Meanwhile, the vulnerability was listed in the US CERT's National Vulnerability Database. According to German IT news service heise security, TP-LINK offers patches for selected router models, and patches for another 40 products are underway. ZyXEL will start to address the problem with its next firmware updates due on June 18. Another method to mitigate the risk is to disable NetUSB via a router's web interface, but SEC Consult warns that this probably won't work with all products. Netgear in particular seems unwilling to offer any kind of workaround.

Viehböck's findings are interesting for two main reasons that could serve to further damage the reputation of router manufacturers, which has already suffered a lot following the disclosure of numerous security holes in recent years. Number one is that unlike previous bugs, this one affects expensive high-end devices – and not just consumer-grade gear. Number two is that kernel stack buffer overflows like this one should have been eliminated in the late 1990s instead of reaching their teens or possibly young adult age. Obviously, this was some kind of dream...

