|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 3760 CVE : CVE-2008-1431 SecurityRisk : Medium  (About) Remote Exploit : No Local Exploit : No Exploit Available : No Credit : Collin Mulliner Published : 20.03.2008
Advisory Content : Manufacturer: RaidSonic (www.raidsonic.de) Device: NAS-4220-B Firmware: 2.6.0-n(2007-10-11) Device Type: end user grade NAS box OS: Linux 2.6.15 Architecture: ARM Designed by: Storm Semiconductor Inc (www.storlinksemi.com) Problem: Hard disk encryption key stored in plain on unencrypted partition. Time line: Found: 09. March 2008 Reported: 09. March 2008 Disclosed: 16. March 2008 Summary: The NAS-4220-B offers disk encryption through it's web interface. The key used for encrypting the disk(s) is stored on a unencrypted partition. Therefore one can extract the encryption key by removing the disk from the NAS and reading the value from the unencrypted partition. The key itself is stored in a file in plain (base64 encoded). Therefore the NAS-4220 crypt disk support can not be considered secure. Details: The NAS-4220-B can hold two SATA disks. Disk are encrypted through a loop back device using AES128. The problem came to my attention when I could access the NAS after reboot without suppling the hard disk key. The key is stored in /system/.crypt, "/system" is a small configuration partition on the same disk that holds the encrypted partition. The system partition is created by the system software running on the NAS-4220. The configuration partition of the second hard disk is not mounted by default but also contains the .crypt file holding the key for the encrypted partition on the same disk. Accessing the key (key value is the example I used): $ cat /system/.crypt MTIzNDU2Nzg5MDEyMzQ1Njc4OTA= key in plain key in base64 12345678901234567890 MTIzNDU2Nzg5MDEyMzQ1Njc4OTA= Base64 decode: #!/usr/bin/python from base64 import * print b64decode("MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=") Reported by: Collin Mulliner <collin(AT)betaversion.net > Collin's Advisories: http://www.mulliner.org/security/advisories/ -- Collin R. Mulliner <collin (at) betaversion (dot) net [email concealed]> BETAVERSiON Systems [www.betaversion.net] info/pgp: finger collin (at) betaversion (dot) net [email concealed] If you have to run heating in winter, you don't own enough computers.  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |