Vulnerability Note VU#177092
KCodes NetUSB kernel driver is vulnerable to buffer overflow
Original Release date: 19 May 2015 | Last revised: 05 Jun 2015
KCodes NetUSB is vulnerable to a buffer overflow via the network that may result in a denial of service or code execution.
KCodes NetUSB is a Linux kernel module that provides USB over IP. It is used to provide USB device sharing on a home user network.
CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) – CVE-2015-3036
According to the reporter, computer client data provided when connecting to the NetUSB server is not properly validated by the driver before processing, resulting in a buffer overflow that may lead to a denial of service or code execution. More information can be found in SEC Consult’s advisory.
The NetUSB driver provided by KCodes has been integrated into several vendors’ products. For more information, please see the Vendor Information section below.
CERT/CC has been unable to confirm this information directly with KCodes.
According to the reporter, an unauthenticated attacker on the local network can trigger a buffer overflow that may result in a denial of service or code execution. Some device default configurations may allow a remote attacker as well.
Update the firmware
Refer to the Vendor Information section below and contact your vendor for firmware update information.
Affected users may also consider the following workarounds:
Disable device sharing
Consult your device’s vendor and documentation as some devices may allow disabling the USB device sharing service on your network.
Block port 20005
Blocking port 20005 on the local network may help mitigate this attack by preventing access to the service.
Vendor Information (Learn More)
VendorStatusDate NotifiedDate UpdatedD-Link Systems, Inc.Affected10 Apr 201522 May 2015
KCodesAffected06 Apr 201508 Apr 2015
Netgear, Inc.Affected10 Apr 201505 Jun 2015
TP-LINKAffected10 Apr 201518 May 2015
TRENDnetAffected10 Apr 201527 May 2015
ZyXELAffected10 Apr 201522 May 2015
Ambir TechnologiesNot Affected10 Apr 201521 May 2015
PeplinkNot Affected-01 Jun 2015
ALLNET GmbHUnknown15 Apr 201515 Apr 2015
AsanteUnknown15 Apr 201515 Apr 2015
CiscoUnknown29 Apr 201529 Apr 2015
DigitusUnknown15 Apr 201515 Apr 2015
Edimax Computer CompanyUnknown10 Apr 201510 Apr 2015
Encore ElectronicsUnknown10 Apr 201510 Apr 2015
IOGEARUnknown15 Apr 201515 Apr 2015If you are a vendor and your product is affected, let
us know.View More »
CVSS Metrics (Learn More)
Thanks to Stefan Viehboeck of SEC Consult Vulnerability Lab for reporting this vulnerability.
This document was written by Garret Wassermann.
19 May 2015
Date First Published:
19 May 2015
Date Last Updated:
05 Jun 2015
FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email.