The CHERRY B.UNLIMITED AES JD-0400EU-2/01 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.
1638ec208f8e37eaf9b5a1c43ce2ce9035fedf7e2ee03ce599899ee97a9d2669Ubuntu Security Notice 5748-1 - It was discovered that Sysstat incorrectly handled certain arithmetic multiplications. An attacker could use this issue to cause Sysstat to crash, resulting in a denial of service, or possibly execute arbitrary code.
05fabde1cb6cfea55f277c3be3e27829f8f1a26de0cc437db0a779377dc8a475Ubuntu Security Notice 5735-1 - It was discovered that Sysstat did not properly check bounds when performing certain arithmetic operations on 32 bit systems. An attacker could possibly use this issue to cause a crash or arbitrary code execution.
45f097bdfc4f75ce6f2004c8ec2587ccbdede20ee7a418d1e6ecf22083803e00Gentoo Linux Security Advisory 202211-7 - An integer overflow vulnerability has been found in sysstat which could result in arbitrary code execution. Versions less than 12.7.1 are affected.
7f2205c4fc69cb1dd9841f09de7e7b025708e1abc6f838dfeaf880d23cbba2a7When analyzing the external SSD Verbatim Store n Go Secure Portable HDD, Matthias Deeg found out that the device will not lock and require reformatting after 20 failed passcode attempts, as described in the product description] and the corresponding user manual. Thus, an attacker with physical access to such an external SSD can try more passcodes in order to unlock the device. During the security analysis, SySS could not find out how many failed passcode attempts would actually lock the device and require reformatting it, as this device state was never reached.
2ceb86673a9c736cebd67a39527a5eb8f328102b032e0b9271b870c40377d572When analyzing the USB drive Verbatim Keypad Secure, Matthias Deeg found out that the device will not lock and require reformatting after 20 failed passcode attempts, as described in the product description and the corresponding user manual. Thus, an attacker with physical access to such a USB drive can try more passcodes in order to unlock the device. During the security analysis, SySS could not find out how many failed passcode attempts would actually lock the device and require reformatting it, as this device state was never reached.
804a05333025641223da065ca26bc382662a75dcb6a1c913f590cb580995be6eRed Hat Security Advisory 2022-0633-01 - The sysstat packages provide the sar and iostat commands. These commands enable system monitoring of disk, network, and other I/O activity. Issues addressed include an integer overflow vulnerability.
d6a9b0e5243d69b875c5bd5c061617a287c5be6049571929f290b16edd0ba32dRed Hat Security Advisory 2020-4638-01 - The sysstat packages provide the sar and iostat commands. These commands enable system monitoring of disk, network, and other I/O activity. Issues addressed include an integer overflow vulnerability.
7cc73dfc2f3b21940ff3c67db16d6456641aba6176686696fcea33cc06621b72Ubuntu Security Notice 4242-1 - It was discovered that Sysstat incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 19.04 and Ubuntu 19.10. It was discovered that Sysstat incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
961e6ea3c906486f9f2177fe868edbdb21061f104607aeb6cc13cf36e06718f2SySS GmbH found out that the wireless desktop set Fujitsu LX390 is vulnerable to keystroke injection attacks as the used data communication is unencrypted and unauthenticated.
72e3a8a7ac3d4e50e3972e6d6918be3b7f2b6ca3eca7ea02e00dfe5635e73ab0SySS GmbH found out that the wireless desktop set Fujitsu LX390 does not use encryption for transmitting data packets containing keyboard events like keystrokes.
428f12fda63193810aa96ae244938aed4cd7ce68fd0888dd83fb5f74b77cccf2SySS GmbH found out that the embedded flash memory of the Bluetooth LE Microsoft Surface Mouse can be read and written via the SWD (Serial Wire Debug) interface of the used nRF51822 Bluetooth SoC as the flash memory is not protected by the offered readback protection feature.
933f2992509d7280ad24c43f072e8b31d6120616cedff0435434455cee6645f2SySS GmbH found out that the embedded flash memory of the Bluetooth LE Microsoft Surface Keyboard can be read and written via the SWD (Serial Wire Debug) interface of the used nRF51822 Bluetooth SoC as the flash memory is not protected by the offered readback protection feature.
ddef568ac1a9b0a2ad733adb0361167469bb13ac9e72018fa9dd34b5b66a993aSySS GmbH found out that the embedded flash memory of the Microsoft Designer Bluetooth Desktop keyboard can be read and written via the SWD (Serial Wire Debug) interface of the used nRF51822 Bluetooth SoC as the flash memory is not protected by the offered readback protection feature.
a5148241981394c2a24fc78dd0e069153a14fc48069935d8f1b62a025fbcf8aaThomas Detert found out that the claimed "Encrypted signal transmission" of the Secvest wireless remote control FUBE50014 is not present and that the implemented rolling codes are predictable. By exploiting these two security issues, an attacker can simply desynchronize a wireless remote control by observing the current rolling code state, generating many valid rolling codes, and use them before the original wireless remote control. The Secvest wireless alarm system will ignore sent commands by the wireless remote control until the generated rolling code happens to match the window of valid rolling code values again. Depending on the number of used rolling codes by the attacker, a resynchronization without actually reconfiguring the wireless remote control could take quite a lot of time and effectless button presses. SySS found out that the new ABUS Secvest remote control FUBE50015 is also affected by this security vulnerability.
1e8bdcc2aac5543c46a47138bfd7aaeba7d32444b036b9f6db96a45e4987806aThomas Detert found out that the claimed "Encrypted signal transmission" of the Secvest wireless remote control FUBE50014 is not present at all. Thus, an attacker observing radio signals of an ABUS FUBE50014 wireless remote control is able to see all sensitive data of transmitted packets as cleartext and can analyze the used packet format and the communication protocol. For instance, this security issue could successfully be exploited to observe the current rolling code state of the wireless remote control and deduce the cryptographically weak used rolling code algorithm. SySS found out that the new ABUS Secvest remote control FUBE50015 is also affected by this security vulnerability.
4fb6b1bb33c005b26a8192228bc5ffdcbbcb440ba5889e85c120133752973a41SySS GmbH found out that the wireless desktop set Fujitsu LX901 is vulnerable to keystroke injection attacks by sending unencrypted data packets with the correct packet format to the receiver (USB dongle).
555e9592017214071d19547d41a4cd74d3f40548f4da4cae61826dbe7096f255MaxxAudio Drivers WavesSysSvc64.exe version 1.6.2.0 suffers from a file permission privilege escalation vulnerability that results in SYSTEM level access.
72acdde174438eb054a35431880ce052ad4a8290bb3ba6a600028ee487a2cb42This whitepaper is a case study that analyzes the security of modern bluetooth keyboards. In the course of this research project, SySS GmbH analyzed three currently popular wireless keyboards using Bluetooth technology that can be bought on the Amazon marketplace for security vulnerabilities. The following three devices were tested for security issues from different attacker perspectives: 1byoneKeyboard, LogitechK480, and MicrosoftDesignerBluetoothDesktop (Model1678 2017).
c3809eac9d774959095aaa64f57d5970b03ee8190b8247907992919c1953a04eMATESO GmbH Password Safe and Repository Enterprise 7.4.4 build 2247 suffers from poor credential management using unsalted MD5 hashes.
5105c7b2f62190c0c64b2e7931b0d6a3d0fb7d876c939151bd3f4bae8acd7cdbMATESO GmbH Password Safe and Repository Enterprise version 7.4.4 build 2247 suffers from a remote SQL injection vulnerability.
9046651535626d2b33a64b0d5d4c33312e2e5842f722ec1cffb1649ca49e6f7bSySS GmbH found out that the radio communication protocol used by the ABUS Secvest wireless alarm system (FUAA50000) and its remote control (FUBE50013) is not protected against replay attacks. Therefore, an attacker can record the radio signal of a wireless remote control, for example using a software-defined radio, when the alarm system is disarmed by its owner, and play it back at a later time in order to disable the alarm system at will.
8a8d17e3da23eea63578ceb1aa4e218702f1cf2045f0bebd979c6137285f27e3SySS GmbH found out that the 125 kHz RFID technology used by the EASY HOME MAS-S01-09 wireless alarm system has no protection by means of authentication against rogue/cloned RFID tokens. The information stored on the used RFID tokens can be read easily in a very short time from distances up to 1 meter, depending on the used RFID reader. A working cloned RFID token is ready for use within a couple of seconds using freely available tools.
f2b5958d04f9bcacb801da8a3f95c98a49142000d47cd1feadd0ebc033c088f0In this paper, the authors describe how the violation of secure design principles can cause authentication bypass vulnerabilities that were found in current endpoint protection software products of different vendors in 2015. All the discussed security vulnerabilities have been reported to the manufacturers of the affected software products according to our responsible disclosure policy and were publicly disclosed in several SySS security advisories and in a talk at the IT security conference DeepSec 2015.
16bdb44dfe3a5da3e0a9b5376b22c5274d1bfbf4ba7e2ff6870b90b93b63eb07The SySS GmbH found out that the web server of VMware ESXi 6 is vulnerable to HTTP response injection attacks, as arbitrarily supplied URL parameters are copied in the HTTP header Location of the server response without sufficient input validation. Thus, an attacker can create a specially crafted URL with a specific URL parameter that injects attacker-controlled data to the response of the VMware ESXi web server. Depending on the context, this allows different attacks. If such a URL is visited by a victim, it may for example be possible to set web browser cookies in the victim's web browser, execute arbitrary JavaScript code, or poison caches of proxy servers.
0ea7840b55195ffc59088e4202c17bca17d25971220fb512df76ebf66e0575f9CHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from cryptographic issues and replay attack vulnerabilities.
3737c6b837cb5779da05eb65eeceaa868fb36d30c20fac2a630e28c5168f4313
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed