Saturday, April 27, 2019

ICS Public Disclosures – Week of 04-27-19

This week we have exploit code published for a possible zero-day vulnerability in products from Siemens.

Google Security Research published exploit code for a race condition vulnerability in the Siemens R3964 line discipline driver (n_r3964), the Linux driver that provides synchronous communication with devices using the Siemens R3964 packet protocol. The Google report notes that this vulnerability is fixed, but according to the Linux folks that fix is simply marking the code as ‘broken’. The Linux researcher notes that:

The n_r3964 line discipline driver was written in a different time, when SMP machines were rare, and users were trusted to do the right thing. Since then, the world has moved on but not this code, it has stayed rooted in the past with its lovely hand-crafted list structures and loads of "interesting" race conditions all over the place.

After attempting to clean up most of the issues, I just gave up and am now marking the driver as BROKEN so that hopefully someone who has this hardware will show up out of the woodwork (I know you are out there!) and will help with debugging a raft of changes that I had laying around for the code, but was too afraid to commit as odds are they would break things.

I am a tad bit over my head here technically, but this looks like a GNU library issue; part of the larger issue that Siemens is dealing with. The CVE for this vulnerability (CVE-2019-11486) was not included in the most recent Siemens advisory for the GNU library issues, but that is hardly surprising since the CVE was issued after the latest update to the Siemens advisory. These issues have still not been addressed by NCCIC-ICS.

