Severity: HIGH
Analysis Summary
A stack-based buffer overflow may allow remote attackers to execute arbitrary code on embedded platforms via traffic on port 2947/TCP or crafted JSON inputs. gpsd can be found in many mobile embedded systems such as Android phones, drones, robot submarines, driverless cars, manned aircraft, marine navigation systems, and military vehicles. This may affect the Communication, Defense Industrial Base, Emergency Services, and Transportation Systems industries, as well as other sectors.
Impact
- System Crash
- Denial of Service
- Resource Consumption (Memory/CPU)
- Code Execution
- Security Bypass
Affected Vendors
gpsd Open Source Project
Affected Products
microjson Versions 1.0 to 1.3
gpsd Versions 2.90 to 3.17
Remediation
The gpsd/microjson project maintainers recommend upgrading to gpsd Version 3.18 or newer and microjson 1.4 or newer to resolve this vulnerability. Further mitigation techniques include:
- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
- Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.
- Additionally, platforms that implement a stack protector and local variable reordering considerably reduce the impact of this vulnerability.
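
A host triage check for the affected gpsd range and the 2947/TCP exposure advice above, as an added example that is not part of the original alert or the gpsd project. The function names and the sample `ss -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a host against this advisory (gpsd 2.90 to 3.17,
# listener on 2947/TCP). Function names are hypothetical.

# gpsd_affected VERSION: exit 0 if VERSION is within 2.90..3.17, 1 if it is
# outside, 2 if unparsable. Components are compared as integers, so 3.9 is
# correctly placed below 3.17 (a decimal comparison would get this wrong).
gpsd_affected() {
    ver=${1%%[!0-9.]*}              # drop suffixes such as "~dev" or "-rc1"
    major=${ver%%.*}
    rest=${ver#*.}
    if [ "$rest" = "$ver" ]; then return 2; fi      # no "major.minor" form
    minor=${rest%%.*}
    if [ -z "$major" ] || [ -z "$minor" ]; then return 2; fi
    if [ "$major" -eq 2 ] && [ "$minor" -ge 90 ]; then return 0; fi
    if [ "$major" -eq 3 ] && [ "$minor" -le 17 ]; then return 0; fi
    return 1
}

# exposed_gpsd_listeners: reads `ss -ltn` output on stdin and prints every
# local socket on port 2947 that is not bound to loopback.
exposed_gpsd_listeners() {
    awk '$1 == "LISTEN" && $4 ~ /:2947$/ {
        addr = $4; sub(/:2947$/, "", addr)
        if (addr !~ /^127\./ && addr != "[::1]") print $4
    }'
}

# Constructed sample input standing in for real `ss -ltn` output.
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:2947     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:2947       0.0.0.0:*
LISTEN 0      5      [::1]:2947         [::]:*
EOF
}

for v in 2.90 3.9 3.17 3.18; do
    if gpsd_affected "$v"; then echo "gpsd $v: affected"
    else echo "gpsd $v: outside affected range"; fi
done
echo "non-loopback listeners on 2947/TCP:"
sample_ss_output | exposed_gpsd_listeners
```

On a real host, pass the version reported by `gpsd -V` to `gpsd_affected` and pipe live `ss -ltn` output into `exposed_gpsd_listeners`.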