NetUSB Vulnerability Means Trouble For Linux-Based Home Routers: What To Do Now?
Just a day after the disclosure of the Logjam SSL exploit, yet another serious open source vulnerability has surfaced. Dubbed “NetUSB” for the driver in which it resides, this vulnerability affects Linux-based networking equipment, home routers in particular, that support “USB over IP” – remote mounting USB flash drives and support for other USB peripherals, such as printers and keyboards, over a local network.
Given the ubiquitousness of SOHO routers, this vulnerability most likely impacts tens of millions of devices in homes, small offices, and other locales. It is doubly concerning because these settings (as opposed to enterprise IT) typically lack security oversight, with many device owners lacking sufficient expertise to remedy NetUSB and other similar vulnerabilities, even through vendor-supplied updates.
The vulnerability arises from that most familiar of sources – a potential buffer overflow in the 64-byte string that conveys the name of the client computer (running Windows and/or MacOS) to the driver. By cramming more than 64 bytes of data into that buffer, black hats can crash the router (for denial of service) and in some cases, cause malicious code to run on the router itself (remote code execution).
The most distressing attribute of NetUSB is that the vulnerability resides in a Linux kernel driver, which, in theory, is among some of the most visible and best-curated code in all of open source. The code originates with Taiwanese vendor KCodes and has found its way into hardware from D-Link, Netgear, TP-Link, Trendnet ZyXE and likely dozens of others, affecting over 90 router products. (See the full list in advisory here.)
Read More (originally published on Open Source Delivers on 05/26/2015)