Critical Vulnerability In NetUSB Driver Exposes Millions of Routers To Hacking

Posted by Soulskill on Wednesday May 20, 2015 @03:51AM from the it's-not-even-another-day-yet dept.

itwbennett writes: NetUSB, a service that lets devices connected over USB to a computer be shared with other machines on a local network or the Internet, is implemented in Linux-based embedded systems, such as routers, as a kernel driver. Once enabled, it opens a server that listens on TCP port 20005 for connecting clients. Security researchers from a company called Sec Consult found that if a connecting computer has a name longer than 64 characters, a stack buffer overflow is triggered in the NetUSB service. The advisory notice has a list of affected routers.

1 of 70 comments (clear)

Min score:

Reason:

Sort:

Yet another open *sores* FAIL by Anonymous Coward · 2015-05-20 04:29 · Score: 0, Troll

Another day another MASSIVE security problem caused by open source. I cannot wait for this shitty movement towards crappy software written by crappy programmers to die the death it so richly deserves. This is going into my yearly talk I give at the local compsci department about why open source should be SHUNNED, not embraced, by up and coming programmers. Not only does it cost us JOBS and INCOME potential, it demonstrably results in WORSE software.