search menu icon-carat-right cmu-wordmark

CERT Coordination Center

S2 Security Netbox/Linear eMerge Access Control System management component vulnerable to unauthenticated factory reset

Vulnerability Note VU#571629

Original Release Date: 2010-01-04 | Last Revised: 2010-07-26

Overview

The S2 Security Netbox/Linear eMerge Access Control System management console allows an unauthenticated attacker to perform a factory reset of the management system.

Description

Linear eMerge is an IP-enabled security management and access control system. The product is distributed by Linear LLC, however the product is created by the S2 Security Corporation. Linear eMerge has two types of components. The first is a Linux system that runs a web server and a database. This component is used to configure the access control system through the use of a web browser. The other component are the node controls, which operate building security hardware, such as locks, card readers, elevator buttons, motion detectors, etc.

The management component of eMerge can be reset to its factory configuration through the use of a specially crafted URI. No authentication is required. Once this happens, the management component will no longer be functional and will be taken off of the network because it will lose its IP address. If this happens, the node components will continue to operate, but in a standalone configuration. The nodes can continue to operate in this manner indefinitely.

The functionality of the management controller can be resumed by restoring a database backup, which is created automatically every night.

Software versions 2.5.x are reported to be affected.

Impact

By following a specially crafted URI, a local, unauthenticated attacker can cause a denial-of-service condition on the eMerge management controller. Note that this condition does not affect the operation of the node components.

Solution

Apply an update
S2 Security has made patches or upgrades available to address this vulnerability for NetBox version 2.5. Please contact S2 or Linear customer support.

Vendor Information

571629
 

Linear LLC Affected

Notified:  October 21, 2009 Updated: July 26, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

This issue is addressed in an upgrade script for Linear eMerge. Please contact Linear for update availability.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

S2 Security Affected

Notified:  October 28, 2009 Updated: July 26, 2010

Statement Date:   April 29, 2010

Status

Affected

Vendor Statement

S2 Security has made patches or upgrades available to address this vulnerability for NetBox version 2.5. Please contact S2 or Linear customer support.

Vendor Information

We are not aware of further vendor information about this vulnerability.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Shawn Merdinger for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2009-3734
Severity Metric: 0.25
Date Public: 2010-01-04
Date First Published: 2010-01-04
Date Last Updated: 2010-07-26 19:52 UTC
Document Revision: 21

Sponsored by CISA.