- Jan 24, 2011
- 9,377
TP-LINK scheduled fixes for about 40 of its products
NetUSB code used in products from D-Link, NETGEAR, TP-LINK, TRENDnet and ZyXEL for sharing different USB devices over the network includes a vulnerability that could be exploited for arbitrary remote code execution.
Tracked as CVE-2015-3036, the security flaw is a remote kernel stack buffer overflow that can be triggered by a client when connecting to the server deployed on the networking device (TCP port 20005).
“Rare” remote kernel stack buffer overflow
NetUSB technology is developed by KCodes, a company from Taiwan, to provide USB over IP functionality. It relies on a Linux kernel driver to launch a server that communicates with a client available in software on computer systems running Windows or OS X.
The feature allows users to emulate on the computer a USB device (printer, hard drive) connected to an embedded system, such as a router or access point. The capability is known under different names, “ReadySHARE,” “USB share port” or “print sharing” being a few of them.
According to Austria-based SEC Consult Vulnerability Lab, the client sends the computer name to the server when the connection between the two is established.
However, if the client delivers to the server a name longer than 64 characters, the stack buffer overflows upon reception from the socket. “All the server code runs in kernel mode, so this is a ‘rare’ remote kernel stack buffer overflow,” the researchers said in a blog poston Tuesday.
For the connection to occur, authentication is required, based on an AES encryption key; but researchers say that the key is present both in the kernel driver and in the client software installed on the computer system.
Read more: http://news.softpedia.com/news/Mill...vices-Run-Vulnerable-NetUSB-Code-481677.shtml
NetUSB code used in products from D-Link, NETGEAR, TP-LINK, TRENDnet and ZyXEL for sharing different USB devices over the network includes a vulnerability that could be exploited for arbitrary remote code execution.
Tracked as CVE-2015-3036, the security flaw is a remote kernel stack buffer overflow that can be triggered by a client when connecting to the server deployed on the networking device (TCP port 20005).
“Rare” remote kernel stack buffer overflow
NetUSB technology is developed by KCodes, a company from Taiwan, to provide USB over IP functionality. It relies on a Linux kernel driver to launch a server that communicates with a client available in software on computer systems running Windows or OS X.
The feature allows users to emulate on the computer a USB device (printer, hard drive) connected to an embedded system, such as a router or access point. The capability is known under different names, “ReadySHARE,” “USB share port” or “print sharing” being a few of them.
According to Austria-based SEC Consult Vulnerability Lab, the client sends the computer name to the server when the connection between the two is established.
However, if the client delivers to the server a name longer than 64 characters, the stack buffer overflows upon reception from the socket. “All the server code runs in kernel mode, so this is a ‘rare’ remote kernel stack buffer overflow,” the researchers said in a blog poston Tuesday.
For the connection to occur, authentication is required, based on an AES encryption key; but researchers say that the key is present both in the kernel driver and in the client software installed on the computer system.
Read more: http://news.softpedia.com/news/Mill...vices-Run-Vulnerable-NetUSB-Code-481677.shtml