Siemens Information for VU#362332

Wind River Systems VxWorks debug service enabled by default

Status

Affected

Vendor Statement

Security Advisory Report - OBSO-1010-01

Enabled VxWorks debug service
Creation Date: 2010-10-15
Last Update: 2010-10-15

Summary
A security researcher has identified a large number of products based on the VxWorks platform provided by Wind River Systems with a debug service enabled by default at port 17185/udp.

Vulnerability Details
The debug service provides full access to the memory of an affected device and allows for memory to be written as well as functions to be called. Of the various products based on VxWorks, the following are not affected by this vulnerability: HiPath Wireless Convergence, RG 8700, optiPoint 410/420 SIP and HFA (V5).

Affected Products

  • HiPath 3000 (HG 1500 Gateway)
  • HiPath 4000 (HG 35xx Gateway)
  • optiPoint 410/420 HFA, versions before V5
  • optiPoint 600 office

Recommended Actions
In general, it is recommended not to attach the mentioned systems directly at the internet. Appropriate firewall rules should be implemented to restrict access to the debug service (17185/udp).

The problem is solved in the following versions; an update to these or higher versions is highly recommended:
  • HiPath 3000 V8: V8 R5.2.0
  • HiPath 4000 V4: V4 R4.1.12
  • HiPath 4000 V5: V5 R1.2.4

Please note:
  • HiPath 3000 V7: You need to upgrade the HG 1500 gateway only. Please use V8 R5.2.0 for this. You may keep the system itself in V7.
  • HiPath 3000 V6 and earlier have reached end of SW support; please consider an upgrade to V7 or V8
  • HiPath 4000 V3 and earlier have reached end of SW support; please consider an upgrade to V4 or higher.
  • Some older, unsupported versions of optiPoint 410/420 HFA IP phones are also vulnerable. Please ensure, that V5 is installed on all phones.
  • optiPoint 600 office has reached end of life since a few years already; an update is unfortunately not available

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2965
http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html
http://www.kb.cert.org/vuls/id/362332

Revision History
2010-10-15 Initial release

Contact and Disclaimer
OpenScale Baseline Security Office
obso@siemens-enterprise.com
Siemens Enterprise Communications GmbH & Co KG 2010
Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG

The information provided in this document is subject to change without notice. Siemens Enterpise Communications GmbH & Co KG (SEN) assumes no responsibility for any errors that may appear in this document, and it does not affect your current support agreements with SEN. Any trademarks referenced in this document are the property of their respective owners.
---End Vendor Statement-------------------------------------------------------------------

Vendor Information

The vendor provided the above advisory information for their affected products.

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.