Tuesday, June 5, 2018

Vulnerability Spotlight: TALOS-2018-0535 - Ocularis Recorder VMS_VA Denial of Service Vulnerability

Vulnerabilities discovered by Carlos Pacho from Talos


Overview

Talos is disclosing a denial-of-service vulnerability in the Ocularis Recorder. Ocularis is a video management software (VMS) platform used in a variety of settings, from convenience stores, to city-wide deployments. An attacker can trigger this vulnerability by crafting a malicious network packet that causes a process to terminate, resulting in a denial of service.

Details

An exploitable denial-of-service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate, resulting in denial of service.

The VMS_VA server process is listening for incoming TCP connections on a port in the range of 60801-65535. When a client connects to it and sends any unexpected data, the binary will respond with "Hello World!" The binary has a check to see if the receiving data starts with "dispose.” If it does, the server process kills itself. There is no authentication required for this command to go through. Any attacker with network access to the server application can use this to execute a denial-of-service attack.

Ocularis has released patches for versions 5.3, 5.4 and 5.5 (https://onssi.com/software-downloads/)

More technical details can be found in the Talos Vulnerability Reports.

Coverage

The following Snort rules will detect exploitation attempts. Note that additional rules may be released at a future date, and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rule: 45829

1 comment:

  1. A security patch addressing this vulnerability was released yesterday, June 4, 2018, by OnSSI and delivered to Ocularis Recorders via our Automatic Update Service to correct this vulnerability. Our Automatic Update Service ensures distribution of the patch to all on-line Ocularis customers overnight. Off-line customers can move the patch to their internal system for automatic distribution.

    We thank Talos Labs for bringing this concern to our attention. Their diligence has helped us address this concern quickly.

    Anthony Sabino-Staine
    Technical Support Manager

    On-Net Surveillance Systems, Inc.
    One Blue Hill Plaza, 7th Floor, PO Box 1555
    Pearl River, NY 10965
    Tel: 845-732-7900

    ReplyDelete

Post a Comment