{"vuid":"VU#177092","idnumber":"177092","name":"KCodes NetUSB kernel driver is vulnerable to buffer overflow","keywords":["CVE-2015-3036","buffer overflow","usb","ip"],"overview":"KCodes NetUSB is vulnerable to a buffer overflow via the network that may result in a denial of service or code execution.","clean_desc":"KCodes NetUSB is a Linux kernel module that provides USB over IP. It is used to provide USB device sharing on a home user network. CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2015-3036. According to the reporter, computer client data provided when connecting to the NetUSB server is not properly validated by the driver before processing, resulting in a buffer overflow that may lead to a denial of service or code execution. More information can be found in SEC Consult's advisory. The NetUSB driver provided by KCodes has been integrated into several vendors' products. For more information, please see the Vendor Information section below. CERT/CC has been unable to confirm this information directly with KCodes.","impact":"According to the reporter, an unauthenticated attacker on the local network can trigger a buffer overflow that may result in a denial of service or code execution. Some device default configurations may allow a remote attacker as well.","resolution":"Update the firmware: Refer to the Vendor Information section below and contact your vendor for firmware update information. Affected users may also consider the following workarounds:","workarounds":"Disable device sharing: Consult your device's vendor and documentation as some devices may allow disabling the USB device sharing service on your network.\nBlock port 20005: Blocking port 20005 on the local network may help mitigate this attack by preventing access to the service.","sysaffected":"","thanks":"Thanks to Stefan Viehboeck of SEC Consult Vulnerability Lab for reporting this vulnerability.","author":"This document was written by Garret Wassermann.","public":["https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150519-0_KCodes_NetUSB_Kernel_Stack_Buffer_Overflow_v10.txt","http://blog.sec-consult.com/2015/05/kcodes-netusb-how-small-taiwanese.html"],"cveids":["CVE-2015-3036"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2015-03-26T19:02:56Z","publicdate":"2015-05-19T00:00:00Z","datefirstpublished":"2015-05-19T14:14:57Z","dateupdated":"2015-06-05T14:54:10Z","revision":96,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"A","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"N","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"W","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"5.7","cvss_basevector":"AV:A/AC:M/Au:N/C:N/I:N/A:C","cvss_temporalscore":"4.9","cvss_environmentalscore":"3.6511788513312","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}