lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20240820141121.1ab31133@syss.de>
Date: Tue, 20 Aug 2024 14:11:21 +0200
From: Sebastian Hamann via Fulldisclosure <fulldisclosure@...lists.org>
To: <fulldisclosure@...lists.org>
Subject: [FD] [SYSS-2024-041] DiCal-RED - Use of Unmaintained Third Party
 Components

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID:               SYSS-2024-041
Product:                   DiCal-RED
Manufacturer:              Swissphone Wireless AG
Affected Version(s):       Unknown
Tested Version(s):         4009
Vulnerability Type:        Use of Unmaintained Third Party Components (CWE-1104)
Risk Level:                High
Solution Status:           Open
Manufacturer Notification: 2024-04-16
Solution Date:             None
Public Disclosure:         2024-08-20
CVE Reference:             CVE-2016-5195, CVE-2016-7406, CVE-2019-12815 and others
Author of Advisory:        Sebastian Hamann, SySS GmbH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

DiCal-RED is a radio module for communication between emergency vehicles and
control rooms. It provides Ethernet, Wi-Fi and cellular network connectivity
and runs a Linux- and BusyBox-based operating system.

The manufacturer describes the product as follows (see [1]):

"The DiCal-Red radio data module reliably guides you to your destination. This
is ensured by the linking of navigation (also for the transmission of position
data) and various radio modules."

Due to the use of unmaintained third-party software components, the device is
vulnerable to numerous known security issues.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

The device's operating system is based on several well-known open-source
products, such as the Linux kernel, the Dropbear SSH server and the
ProFTPD FTP server.

In particular, it runs the following versions:

 Product      | Version | Released
 -------------|---------|--------------
 Linux kernel | 3.14.35 | March 2015
 Dropbear     | 2013.56 | March 2013
 ProFTPD      |  1.3.3g | November 2011

There are several publicly known security issues that affect these software
versions, such as CVE-2016-5195, CVE-2016-7406 or CVE-2019-12815.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

None

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

The manufacturer recommends not running the device in an untrusted network.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2024-02-29: Vulnerability discovered
2024-04-16: Vulnerability reported to manufacturer
2024-05-10: Manufacturer states that the vulnerability will not be fixed
2024-05-14: Vulnerability reported to CERT-Bund
2024-08-13: CERT-Bund informs us that the vendor declared the product EOL
2024-08-20: Public disclosure of vulnerability

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Product website for DiCal-RED
    https://www.swissphone.com/solutions/components/terminals/radio-data-module-dical-red/
[2] SySS Security Advisory SYSS-2024-041
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-041.txt
[3] SySS Responsible Disclosure Policy
    https://www.syss.de/en/responsible-disclosure-policy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Sebastian Hamann of SySS GmbH.

E-Mail: sebastian.hamann@...s.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Sebastian_Hamann.asc
Key ID: 0x9CE0E440429D8B96
Key Fingerprint: F643 DF21 62C4 7C53 7DB2 8BA1 9CE0 E440 429D 8B96

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS website.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE9kPfIWLEfFN9souhnODkQEKdi5YFAmbEQgQACgkQnODkQEKd
i5bc5A//bNGaYSQgB48TQes7HlvC5hsYWgtFZU6xdI+V6SEkeGkMGAPfItRDjgAt
fUxbP+UZbjkgBZuHk5wJJYFWYEHE7a+PFJW7JC3kwioVqanrxzlST/PCCIyxNFZR
Jy/bwC0EkE5xsyDrOmMbfBAOicObLChmXw7XuN5ec14VUPNjrBL++iYH2Y694ZnC
sP+sxD7g2QDxTllHkpIcWVZN0T/hH3RHOS5SM0Kv8SfDln38lOSuPbMkr/V/wmpG
FWpjgYWjtSLFQwozJWxEbp/X6/nwxTIRM1/kTgjNeBZDa74mIGPdxPLDKXYlytI6
/Wrj6PjN+UjA6fbxb+LvYdtx/xQ98gPj5k84/qlQ8fNO24bSq3VUOcoATm640TtM
9MEjr38rF/FPksufef1gj45m9/HgnPSeXyVkf5XZR6ipb9Mc+elpO7f+YivY5wfB
DOuEiYaCJsQL+7KZrVR2c3+4rVTQOiUOzRT8QUPu0//naHfLDtq0DRAlRJQHzIiY
2xqJPvs4XcmctsokqvbHGikPROEU36cJSBKdSqrorLmC6EU0fPF4c3EzGVSRkHpT
LOhIjACUWteOLjh3BJhXAobS1jIwS73HUFO+Vr1RT54lhrmXlWIW8WrexDrdA9mz
ALGeZDjb5uH8Y4DQ5oWOXVbK8eSFAJc/FRRDMRHsiAMWWozOBik=
=R39e
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ