[SYSS-2016-072] Olympia Protect 9061 - Missing Protection against Replay Attacks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Advisory ID: SYSS-2016-072 Product: Protect 9061 Manufacturer: Olympia Affected Version(s): Article No. 5943 rev.03 Tested Version(s): Article No. 5943 rev.03 Vulnerability Type: Missing Protection against Replay Attacks Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2016-07-21 Solution Date: 2016-11-14 Public Disclosure: 2016-11-23 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) Overview: The Olympia Protect 9061 is a wireless alarm system with different features. Some of the supported features as described by the manufacturer are (see [1]): " Wireless alarm system with emergency call and handsfree function Integrated GSM (Dual Band) phone dialling with message function Handsfree/Room monitoring functions on the base unit Up to 10 phone numbers can be programmed Accoustic alarm via built-in sirene Programme the forwarding of alarms to external telephones (e.g. mobile phones) Alarm per Telephone with message function Individual message for each sensor, max. 10 seconds long Power failure backup in the base unit Can be upgraded to support up to max. 32 sensors Easy integration of the optional sensors via Plug & Play method " Due to an insecure implementation of the used 868 MHz radio communication, the wireless alarm system Olympia Protect 9061 is vulnerable to replay attacks. Vulnerability Details: SySS GmbH found out that the radio communication protocol used by the Olympia Protect 9061 wireless alarm system and its remote control is not protected against replay attacks. Therefore, an attacker can record the radio signal of a wireless remote control, for example using a software-defined radio, when the alarm system is disarmed by its owner, and play it back at a later time in order to disable the alarm system at will. Proof of Concept (PoC): SySS GmbH could successfully perform a replay attack as described in the previous section using a software-defined radio and disarm a Olympia Protect 9061 wireless alarm system in an unauthorized way. Solution: The reported security issue was fixed by the manufacturer in a new product version. Further information can be found via the following URL [2]: http://www.olympia-vertrieb.de/de/support/faq/sicherheitsprodukte.html Disclosure Timeline: 2016-07-21: Vulnerability reported to manufacturer 2016-08-25: Rescheduled publication date of the security advisory in agreement with the manufacturer 2016-09-13: According to the manufacturer, a fix to the reported security issue is available. 2016-10-06: The manufacturer presents the solution to the reported security issue to SySS GmbH 2016-11-14: Manufacturer provides further information concerning the security fix 2016-11-23: Public release of security advisory References: [1] Product website for Olympia Protect 9061 wireless alarm system http://www.olympia-vertrieb.de/en/products/security/wireless-alarm-systems/protect-9061.html [2] Information by the manufacturer concerning the security fix http://www.olympia-vertrieb.de/de/support/faq/sicherheitsprodukte.html [3] SySS Security Advisory SYSS-2016-072 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-072.txt [4] SySS GmbH, SySS Responsible Disclosure Policy https://www.syss.de/en/news/responsible-disclosure-policy/ Credits: This security vulnerability was found by Matthias Deeg of SySS GmbH. E-Mail: matthias.deeg (at) syss.de Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB Disclaimer: The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS Web site. Copyright: Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYNChfAAoJENmkv2o0rU2rT84QAKdU+IVv35uihXP5SnileQCe ygI9vsfUBK8xrbvRN4uuBaR2Lf70dHxIZkXuGuxhh3DAn3OrM6uE4K1xQW13DMPR toKAyMXfDWA0Q2+wz0Fz/f86VMGArWoxRTe0Wl7rxhv1N7da2Qi1Bs6+I+
[SYSS-2016-106] EASY HOME Alarmanlagen-Set - Missing Protection against Replay Attacks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Advisory ID: SYSS-2016-106 Product: EASY HOME Alarmanlagen-Set Manufacturer: monolith GmbH Affected Version(s): Model No. MAS-S01-09 Tested Version(s): Model No. MAS-S01-09 Vulnerability Type: Missing Protection against Replay Attacks Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-09-26 Solution Date: - Public Disclosure: 2016-11-23 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) Overview: The EASY HOME MAS-S01-09 is a wireless alarm system with different features sold by ALDI SÜD. Some of the features as described in the German product manual are (see [1]): " - - Alarmanlagen-Set mit drahtlosen Sensoren und Mobilfunk-Anbindung - - SOS-Modus, Stiller Alarm, Überwachungs- und Intercom-Funktion - - Integrierte Quad-Band Mobilfunkeinheit für GSM-Netze im 850 / 900 / 1800 / 1900 MHz-Bereich - - Alarmbenachrichtigung auf externe Telefone - - Eingebaute Sirene (ca. 90 dB), inkl. Anschluss für externe Sirene - - Unterstützung für bis zu 98 kabellosen Sensoren / bis zu 4 kabelgebundene Sensoren - - Stromausfallsicherung der Basiseinheit durch 4 x AAA Alkaline-Batterien - - Fernbedienbar per Telefon " Due to an insecure implementation of the used 433 MHz radio communication, the EASY HOME MAS-S01-09 wireless alarm system is vulnerable to replay attacks. Vulnerability Details: SySS GmbH found out that the radio communication protocol used by the EASY HOME MAS-S01-09 wireless alarm system and its remote control is not protected against replay attacks. Therefore, an attacker can record the 433 MHz radio signal of a wireless remote control, for example using a software-defined radio, when the alarm system is disarmed by its owner, and play it back at a later time in order to disable the alarm system at will. Proof of Concept (PoC): SySS GmbH could successfully perform a replay attack as described in the previous section using a software-defined radio and disarm an EASY HOME MAS-S01-09 wireless alarm system in an unauthorized way. Solution: SySS GmbH is not aware of a solution for this reported security vulnerability concerning the tested product version. For further information please contact the manufacturer. Disclosure Timeline: 2016-09-26: Vulnerability reported to manufacturer 2016-09-30: Manufacturer responds to reported security issue and that the information will be integrated in the next product version 2016-09-30: E-mail to manufacturer concerning a security advice in the product manual 2016-10-04: Response concerning security advice in product manual 2016-11-23: Public release of security advisory References: [1] Product manual of EASY HOME MAS-S01-09 wireless alarm system http://monolith-shop.de/wp-content/uploads/2016/09/MAS-S01-09_Alarmanlage_Bedienungsanleitung.pdf [2] SySS Security Advisory SYSS-2016-106 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-106.txt [3] SySS GmbH, SySS Responsible Disclosure Policy https://www.syss.de/en/news/responsible-disclosure-policy/ Credits: This security vulnerability was found by Matthias Deeg of SySS GmbH. E-Mail: matthias.deeg (at) syss.de Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB Disclaimer: The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS Web site. Copyright: Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYNChqAAoJENmkv2o0rU2rznUP/R2Pg/9Dkc3GPJDKGd1HTaSo AC/qluqMjGs8FcPj03WPewT2MlTRBLdkEsgP9kUluC8ohvPS6ybBsogTjcNPQ+vp Qu0gqbhPohTv2VcRlMFAlLycuv2jG56OZ9H6hyNxhCTb8rY8RUI1Ox8R+KQEEFTW fASLsoGt6aRRucHSQW0v/W8MfAVM4oo7JGTt5NG5aJ6Fl7pzJJ2a31KZ/lFnAXo3 4WJf5z3WbiHVb9nHs9d95+RrbCQWOAi34VRvlENlc6Sw6dYQ6QvaC0L+SA7CKhbe z0qy0xiz0H14ISnX+7MeVQzvw/MFCA75qRljMoTNVxM3Sm8jxEh7KxYIXL9/KdY6 e76zGYo70YUYRq5lvwI9YRtcTWELzEQ5kanD0W0f8BnrT76l3DDFiCprK4By8dwP rxJKjPKIgt6hdibQ5BQn
CVE-2015-1251: Chrome blink SpeechRecognitionController use-after-free details
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the seventeenth entry in that series. Unfortunately I won't be able to publish everything within one month at the current rate, so I may continue to publish these through December and January. The below information is available in more detail on my blog at http://blog.skylined.nl/20161123001.html. There you can find a repro that triggered this issue, snippets from the vulnerable source and more details in addition to the information below. Follow me on http://twitter.com/berendjanwever for daily browser bugs. Chrome blink SpeechRecognitionController use-after-free === (Chromium 455857, CVE-2015-1251) Synopsis A specially crafted web-page can cause the blink rendering engine used by Google Chrome and Chromium to continue to use a speech recognition API object after the memory block that contained the object has been freed. An attacker can force the code to read a pointer from the freed memory and use this to call a function, allowing arbitrary code execution. Known affected software and attack vectors -- + Google Chrome 39.0 An attacker would need to get a target user to open a specially crafted webpage. Disabling Javascript should prevent an attacker from triggering the vulnerable code path. Description --- Creating a `webkitSpeechRecognition` Javascript object in a popup window before closing the popup frees a C++ object used internally by the speech recognition API code but leaves a dangling pointer to the freed memory in another C++ object. When the `start()` Javascript method is called, this dangling pointer is used to try to read a function pointer from a virtual function table and call that function. An attacker has ample time to groom the heap between the free and re-use in order to control the function pointer used by the code, allowing arbitrary code execution. Exploit --- An attacker looking to exploit this issue is going to want to try and control the contents of the freed memory, before getting the code to use the dangling pointer to call a virtual function. Doing so would allow an attacker to execute arbitrary code. This is made possible because steps 5 and 6 can both be triggered at a time of the attackers choosing, giving the attacker the ability to free the memory in step 5 whenever this is convenient and attempt to reallocate and fill it with any data before executing step 6. This should allow an attacker to create a fake `vftable` pointer and gain arbitrary code execution. In order to develop a working exploit, existing mitigations will need to be bypassed, most significantly ASLR and DEP. As this vulnerability by itself does not appear to allow bypassing these mitigations, I did not develop a working exploit for it. Time-line - * November 2014: This vulnerability was found through fuzzing. * December 2014: This vulnerability was submitted to ZDI and iDefense. * January 2015: This vulnerability was acquired by ZDI. * February 2015: This vulnerability was fixed in revision 190993. * May 2015: This vulnerability was addressed by Google in Chrome 43.0.2357.65. * November 2016: Details of this issue are released. Cheers, SkyLined 0x2557C5AA.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
[security bulletin] HPSBHF03673 rev.1 - HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Multiple Remote Vulnerabilities
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05336888
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05336888
Version: 1
HPSBHF03673 rev.1 - HPE Comware 5 and Comware 7 Network Products using
SSL/TLS, Multiple Remote Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2016-11-18
Last Updated: 2016-11-18
Potential Security Impact: Remote: Multiple Vulnerabilities
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY
Security vulnerabilities in MD5 message digest algorithm and RC4 ciphersuite
could potentially impact HPE Comware 5 and Comware 7 network products using
SSL/TLS. These vulnerabilities could be exploited remotely to conduct
spoofing attacks and plaintext recovery attacks resulting in disclosure of
information.
References:
- CVE-2004-2761 - MD5 Hash Collision Vulnerability
- CVE-2013-2566 - SSL/TLS RC4 algorithm vulnerability
- CVE-2015-2808 - SSL/TLS RC4 stream vulnerability known as "Bar Mitzvah"
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- Comware 5 (CW5) Products All versions
- Comware 7 (CW7) Products All versions
BACKGROUND
CVSS Base Metrics
=
Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2004-2761
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVE-2013-2566
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE-2015-2808
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has released the following mitigation information to resolve the
vulnerabilities in HPE Comware 5 and Comware 7 network products.
*Note:* Please contact HPE Technical Support for any assistance configuring
the recommended settings.
**Mitigation for the hash collision vulnerability in the MD5 Algorithm:**
+ For Comware V7, this issue only exists when the key-type is RSA and the
public key length less than 1024 bits.
Since the default length of the RSA key is 1024 bits, the length should
only have to be set manually if necessary.
Example command to set the RSA key length to 1024 bits:
public-key rsa general name xxx length 1024
+ For Comware V5, this issue only exists when the key-type is RSA.
HPE recommends using DSA and ECDSA keys and not an RSA key.
**Mitigation for the RC4 vulnerabilities:**
HPE recommends disabling RC2 and RC4 ciphers.
+ For Comware V7, remove the RC2/RC4 ciphers:
- exp_rsa_rc2_md5
- exp_rsa_rc4_md5
- rsa_rc4_128_md5
- rsa_rc4_128_sha
Example using the *ssl server-policy “name” ciphersuite* command to
omit the RC2/RC4 ciphers:
ssl server-policy “name” ciphersuite { dhe_rsa_aes_128_cbc_sha |
dhe_rsa_aes_256_cbc_sha | exp_rsa_des_cbc_sha | rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha }
Example using the *ssl client-policy “name” prefer-cipher* command
to omit the RC2/RC4 ciphers:
ssl client-policy “name” prefer-cipher { dhe_rsa_aes_128_cbc_sha
| dhe_rsa_aes_256_cbc_sha | exp_rsa_des_cbc_sha | rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha }
+ For Comware V5, remove the following RC4 ciphers:
- rsa_rc4_128_md5
- rsa_rc4_128_sha
Example using the *ssl server-policy “name” ciphersuite* command to
omit the RC4 ciphers:
ssl server-policy “name” ciphersuite { rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha| rsa_des_cbc_sha }
Example using the *ssl client-policy “name” prefer-cipher* command
to omit the RC4 ciphers:
ssl client-policy “name” prefer-cipher { rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha |rsa_aes_256_cbc_sha | rsa_des_cbc_sha }
**COMWARE 5 Products**
+ **HSR6602 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JC176A HP 6602 Router Chassis
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG355A HP 6600 MCP-X1 Router Main Processing Unit
- JG356A HP 6600 MCP-X2 Router Main Processing Unit
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
+ **HSR6800 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804
[CVE-2016-7098] GNU Wget < 1.18 Access List Bypass / Race Condition
Vulnerability: GNU Wget < 1.18 Access List Bypass / Race Condition CVE-2016-7098 Discovered by: Dawid Golunski (@dawid_golunski) https://legalhackers.com Severity: Medium GNU wget in version 1.17 and earlier, when used in mirroring/recursive mode, is affected by a Race Condition vulnerability that might allow remote attackers to bypass intended wget access list restrictions specified with -A parameter. This might allow attackers to place malicious/restricted files onto the system. Depending on the application / download directory, this could potentially lead to other vulnerabilities such as code execution etc. The full advisory and a PoC exploit can be found at: https://legalhackers.com/advisories/Wget-Exploit-ACL-bypass-RaceCond-CVE-2016-7098.html For updates, follow: https://twitter.com/dawid_golunski -- Regards, Dawid Golunski https://legalhackers.com t: @dawid_golunski
[SYSS-2016-066] Multi Kon Trade M2B GSM Wireless Alarm System - Missing Protection against Replay Attacks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Advisory ID: SYSS-2016-066 Product: M2B GSM Wireless Alarm System Manufacturer: Multi Kon Trade Affected Version(s): Unspecified Tested Version(s): Unspecified Vulnerability Type: Missing Protection against Replay Attacks Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-07-05 Solution Date: - Public Disclosure: 2016-11-23 CVE Reference: Not yet assigned Author of Advisory: Gerhard Klostermeier, SySS GmbH Overview: The M2B GSM wireless alarm system by Multi Kon Trade (MKT) was tested for possible security issues. Some features of this alarm system as described by the manufacturer are (see [1]): * You will be noticed of any alarm by call or by SMS message. * The alarm system has a battery which will last 6 to 8 hours in case of a blackout. * You can pair up to 99 devices (sensors, remote control, etc.). * You do not have to run any cables. Everything is wireless. * It is possible to trigger alarms in case of fire, even if the alarm is disabled. * It is possible to trigger the alarm with a delay. Due to an insecure implementation of the used 433 MHz radio communication, the wireless alarm system M2B GSM is vulnerable to replay attacks. Vulnerability Details: SySS GmbH found out that the radio communication protocol used by the M2B GSM wireless alarm system and its remote control is not protected against replay attacks. Therefore, an attacker can record the radio signal of a wireless remote control, for example using a software defined radio, when the alarm system is disarmed by its owner, and play it back at a later time in order to disable the alarm system at will. Proof of Concept (PoC): SySS GmbH build a small device that is able to perform replay attacks against the 433 MHz radio communication of the M2B GSM wireless alarm system, for example in order to arm and disarm the wireless remote system in an unauthorized manner. Solution: Do not use the 433 MHz remote control to arm or disarm the system. Instead it is recommended to use the app for iOS and Android smartphones or to arm and disarm the system manually with the on-board keypad. (Solution as suggested by the vendor.) Disclosure Timeline: 2016-07-05: Vulnerability reported to manufacturer 2016-10-13: Response from the vendor with the solution on how to mitigate the risk 2016-11-23: Public release of security advisory References: [1] M2B GSM Wireless Alarm System, Multi Kon Trade http://multikontrade.de/GSM-Funk-Alarmanlage [2] PT2260 Remote Control Encoder, Princeton Technology Corp. http://www.princeton.com.tw/Portals/0/Product/PT2260_4.pdf [3] SySS Security Advisory SYSS-2016-066 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-066.txt [4] SySS GmbH, SySS Responsible Disclosure Policy https://www.syss.de/en/news/responsible-disclosure-policy/ Credits: This security vulnerability was found by Gerhard Klostermeier of SySS GmbH. E-Mail: gerhard.klostermeier (at) syss.de Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Gerhard_Klostermeier.asc Key fingerprint = 8A9E 75CC D510 4FF6 8DB5 CC30 3802 3AAB 573E B2E7 Disclaimer: The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS Web site. Copyright: Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYNCg9AAoJENmkv2o0rU2rtIMP/3OZVr9igvbqmDaOWyvdQbkS q5wF+qf48ACbeqzWJHbzp7y5GE+hsvuMvnpLa2JMwg8E+Wqo7P9/TBKJ/F/W8YRb b2skOQFDuuF3CNG1Uco+hDhPs1FvWVAtOy+YUPPI45IMm+/hOXTRttosns++ZSug GGW8AOtr1KdNQc4UWm0Xex/d71mpP+a1Y4zKTQXXoIw1i2zSxloX1pv/n+WYyRho CKOmfaZnzNAakrmHjfQAMYzUk9Ed30H8YA6Y80QwJgns+LqYGu3updNpD8u4cabq cDC0YOrnyOVuLZgr6itVq6kNu5jPhVkM7ECuTdHWkZOrS1gArti6by5um/xtmO7U fpBjUNtIxqj6yymkkGZ3HK3nxtvlfJk2zqwwJA+z0j1YyzpZwIHB7EUqe/lsiDVx Fu1OGURRlbU2ES3LFfKWwG3S4ZQSa7sI6CZFJjMR8m9E3UNSwYLhMisK8FuooY4A xFOusWlNTj6yPMUe2RXoCUD8lmbOJpPUqIbzfIcK4ek2xGtwWb/9AkmSJhxrFcEg ktCFV2DzFCwkgfYjrKPx4baOpFWYh+A99YzK8rDqVkWTsOSAV/M9NON3jiN3Ai46 Vubtn1bAIzwnaLpzZ2YESOvifFxDlQhpuQCAm4enWkOU2W
