%20_300dpi.jpg?width=300&height=300&name=AP-800AX(2000x2000)%20_300dpi.jpg)
Vulnerability Note VU#177092
KCodes NetUSB kernel driver is vulnerable to buffer overflow.
The Department of Homeland Security recently released Vulnerability Note VU#177092.
The website link and detailed information about the vulnerability can be found here: https://www.kb.cert.org/vuls/id/177092
Cause of Vulnerability
The cause of the Vulnerability Note VU#177092 in KCodes SDK and products that use it is a buffer overrun. If the host name is too long when passing information from a remote client computer to the host name in the software stack of Kcodes, it causes a buffer overrun which can crash the entire system.
Silex SX-Virtual USB SDK and Products using it are not Vulnerable
Silex Technology offers a product that is similar to the KCodes software in the form of an SDK that allows routers to be able to offer connectivity and sharing of USB devices in a home or office.
Silex engineers have confirmed that our code is not vulnerable to the same attack. Silex designed and developed our code to be secure and robust, and our code has a very different architecture than that of KCodes. Our code is not affected by Vulnerability Note VU#177092.
The Silex SX-Virtual USB SDK for Linux manages the connection information in the IPv4 address. Because the parameter is of fixed length, there is no risk of buffer overrun.
Silex also performs processing to get the host name from the system. However, when the Silex software gets the host name, it always checks the end of the buffer by looking up or adding a NULL termination character.
When it Absolutely Must Connect
Silex has a company tagline of "When it Absolutely Must Connect", and we stand behind it in our products. Our goal is to develop technology and products that pursue "Always-On" connectivity. In addition to our own extensive internal testing, our SX-Virtual USB SDK for Linux software goes through a rigorous third party integrity and security check to ensure the code is as clean and secure as possible.
Additional Security is Available from Silex
Silex can also offer an optional encryption link from the client to the server using our SX-Virtual USB SDK for Linux to make it even more secure.
More Information
If you have questions about security of Silex products and solutions, please contact us:
Website: www.silextechnology.com
Email: sales@silexamerica.com or support@silexamerica.com
Phone: +1 (801) 748-1199 or U.S. toll-free: (866) 765-8761