CERT Coordination Center

KCodes NetUSB kernel driver is vulnerable to buffer overflow

Vulnerability Note VU#177092

Original Release Date: 2015-05-19 | Last Revised: 2015-06-05

Overview

KCodes NetUSB is vulnerable to a buffer overflow via the network that may result in a denial of service or code execution.

Description

KCodes NetUSB is a Linux kernel module that provides USB over IP. It is used to provide USB device sharing on a home user network.

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2015-3036

According to the reporter, computer client data provided when connecting to the NetUSB server is not properly validated by the driver before processing, resulting in a buffer overflow that may lead to a denial of service or code execution. More information can be found in SEC Consult's advisory.

The NetUSB driver provided by KCodes has been integrated into several vendors' products. For more information, please see the Vendor Information section below.

CERT/CC has been unable to confirm this information directly with KCodes.
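The CWE-120 pattern named above, as an added C example that is not KCodes code and not taken from the reporter's advisory: a client-supplied length drives a copy into a fixed buffer, shown beside a bounds-checked form. The field layout (4-byte little-endian length followed by a name), the 64-byte buffer size and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF_LEN 64  /* assumed destination size, chosen for illustration */

/* Hypothetical field layout: 4-byte little-endian length, then the name bytes. */
static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* CWE-120 shape: the copy length is taken from the client without any check.
 * Shown for contrast only; do not call it on untrusted input. */
int parse_name_unchecked(const uint8_t *msg, size_t msg_len, char out[NAME_BUF_LEN])
{
    uint32_t n = read_le32(msg);
    (void)msg_len;                 /* received size is never consulted */
    memcpy(out, msg + 4, n);       /* n may exceed both out[] and the message */
    out[n] = '\0';
    return 0;
}

/* Hardened form: check the header, then the declared length against the
 * destination buffer and against the bytes actually received. */
int parse_name_checked(const uint8_t *msg, size_t msg_len, char out[NAME_BUF_LEN])
{
    if (msg == NULL || out == NULL || msg_len < 4)
        return -1;                 /* truncated header */
    uint32_t n = read_le32(msg);
    if (n >= NAME_BUF_LEN)
        return -2;                 /* would not fit with the terminating NUL */
    if (n > msg_len - 4)
        return -3;                 /* declared length exceeds received data */
    memcpy(out, msg + 4, n);
    out[n] = '\0';
    return (int)n;                 /* number of name bytes copied */
}

int main(void)
{
    /* Constructed input: declares 256 name bytes but carries only one. */
    const uint8_t msg[] = { 0x00, 0x01, 0x00, 0x00, 'A' };
    char name[NAME_BUF_LEN];
    printf("checked parser returned %d\n", parse_name_checked(msg, sizeof msg, name));
    return 0;
}
```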

Impact

According to the reporter, an unauthenticated attacker on the local network can trigger a buffer overflow that may result in a denial of service or code execution. Some device default configurations may allow a remote attacker as well.

Solution

Update the firmware

Refer to the Vendor Information section below and contact your vendor for firmware update information.

Affected users may also consider the following workarounds:

Disable device sharing

Consult your device's vendor and documentation as some devices may allow disabling the USB device sharing service on your network.

Block port 20005

Blocking port 20005 on the local network may help mitigate this attack by preventing access to the service.

Vendor Information


CVSS Metrics

Group | Score | Vector
Base | 5.7 | AV:A/AC:M/Au:N/C:N/I:N/A:C
Temporal | 4.9 | E:POC/RL:W/RC:C
Environmental | 3.7 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

Acknowledgements

Thanks to Stefan Viehboeck of SEC Consult Vulnerability Lab for reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2015-3036
Date Public: 2015-05-19
Date First Published: 2015-05-19
Date Last Updated: 2015-06-05 14:54 UTC
Document Revision: 96

Sponsored by CISA.