Credit:
The information has been provided by Jakob Lell.
Vulnerable Systems:
* ATEN KH1516i IP KVM Switch - browser firmware version 1.0.063
* ATEN KN9116 IP KVM Switch - firmware version 1.1.104
* ATEN PN9108 Power over the NET
CVE Information:
CVE-2009-1477: Same SSL key for all devices
All tested devices (KH1516i, KN9116 and PN9108) use the same SSL key for the HTTPS web interface. If an attacker manages to extract the private key from one single device, (s)he can decrypt the HTTPS traffic of all other affected devices. This includes the username and password used to authenticate to the KVM switch. If the attacker is able to carry out a man-in-the-middle attack, (s)he can also compromise client systems by exchanging the Windows or Java client software, which is downloaded from the KVM switch via HTTPS.

CVE-2009-1472: Java client arbitrary code execution
The Java client program connects to the KVM switch on port 9002 and downloads and runs a new Java class. This connection is encrypted using AES. However, the encryption key is hardcoded in the client program, so a man-in-the-middle attacker can inject another Java class file, which can execute arbitrary Java code on the client computer. This Java code is not protected by a sandbox, because the client is not run as a Java applet. It is also possible to use this vulnerability for a man-in-the-middle attack to gain access to the machines connected to the KVM switch.

CVE-2009-1473: Cryptographic weakness in key exchange
When the Windows/Java client connects to the device, the KVM switch and the client negotiate a symmetric session key. This key negotiation uses RSA in an insecure way. An attacker who can monitor the traffic between the client and the KVM switch is able to repeat the client-side calculations to obtain the session key. Using this session key, an attacker can decrypt the traffic and reconstruct the keystrokes. Furthermore, it is also possible to carry out a man-in-the-middle attack and gain access to the machines connected to the KVM switch. Both the Windows and the Java clients are affected.

CVE-2009-1474: Incomplete encryption
The connection between the client and the KVM switch is not completely encrypted. The transfer of keystrokes is encrypted; however, mouse events are not protected in any way, so a man-in-the-middle attacker can inject arbitrary mouse movements and button presses. Depending on the operating system and setup, this may be used to compromise computers attached to the KVM switch.
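A fleet-audit check for the shared-key issue (CVE-2009-1477) that is an added example, not part of the advisory or any ATEN software: it fetches the HTTPS certificate of each device and groups hosts that present an identical certificate. The hostnames in SAMPLE_CERTS and their byte strings are constructed stand-ins, not real device certificates.

```python
import hashlib
import ssl
import sys
from collections import defaultdict


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, colon-separated hex."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_der_cert(host: str, port: int = 443) -> bytes:
    """Fetch the certificate a device presents on its HTTPS port (stdlib only).

    The handshake is done without validation on purpose: the goal is to see
    what the device serves, not to trust it.
    """
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


def shared_certificates(certs: dict[str, bytes]) -> dict[str, list[str]]:
    """Return {fingerprint: [hosts]} for every certificate seen on more than one host.

    Two devices serving the same certificate necessarily share its private key,
    which is exactly the condition the advisory describes. (Identical keys in
    *different* certificates would need an SPKI comparison; that requires an
    ASN.1 parser such as the 'cryptography' package and is out of scope here.)
    """
    by_fp: dict[str, list[str]] = defaultdict(list)
    for host, der in certs.items():
        by_fp[fingerprint(der)].append(host)
    return {fp: sorted(hosts) for fp, hosts in by_fp.items() if len(hosts) > 1}


# Constructed sample input: stand-in DER bytes, not real certificates.
SAMPLE_CERTS = {
    "kvm-a.example": b"der-cert-shared",
    "kvm-b.example": b"der-cert-shared",
    "kvm-c.example": b"der-cert-unique",
}


if __name__ == "__main__":
    # Usage: python audit_kvm_certs.py host1 host2 ...  (no args -> sample data)
    hosts = sys.argv[1:]
    certs = {h: fetch_der_cert(h) for h in hosts} if hosts else SAMPLE_CERTS
    for fp, shared in shared_certificates(certs).items():
        print(f"WARNING: certificate {fp} is shared by {', '.join(shared)}")
```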