KCodes NetUSB is vulnerable to a buffer overflow that can be triggered over the network and may result in a denial of service or code execution.
KCodes NetUSB is a Linux kernel module that provides USB over IP. It is used to provide USB device sharing on a home user network.
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2015-3036
According to the reporter, an unauthenticated attacker on the local network can trigger a buffer overflow that may result in a denial of service or code execution. The default configurations of some devices may also expose the vulnerability to a remote attacker.
Update the firmware
Disable device sharing
Thanks to Stefan Viehboeck of SEC Consult Vulnerability Lab for reporting this vulnerability.
This document was written by Garret Wassermann.
|Date First Published:|2015-05-19|
|Date Last Updated:|2015-06-05 14:54 UTC|