=====================================================================
CERT-Renater Information Note No. 2013/VULN28
_____________________________________________________________________
DATE: 05/07/2013
HARDWARE PLATFORM(S): Digital Alert Systems DASDEC EAS devices, Monroe Electronics One-Net E189 EAS devices.
OPERATING SYSTEM(S): Monroe Electronics and Digital Alert Systems firmware versions prior to 2.0-2 (version 2.0-2 disables the compromised key).
======================================================================
http://www.kb.cert.org/vuls/id/662676
______________________________________________________________________

Vulnerability Note VU#662676
Digital Alert Systems DASDEC and Monroe Electronics R189 One-Net firmware exposes private root SSH key
Original Release date: 26 June 2013 | Last revised: 02 July 2013

Overview

Digital Alert Systems DASDEC and Monroe Electronics One-Net E189 Emergency Alert System (EAS) devices exposed a shared private root SSH key in publicly available firmware images. An attacker who can reach the SSH service of a device can use the key to log in as root.

Description

The Digital Alert Systems DASDEC-I and DASDEC-II and the Monroe Electronics R189 One-Net/R189SE One-NetSE are Linux-based EAS encoder/decoder (ENDEC) devices used to broadcast EAS messages over digital and analog channels. IOActive has reported several security issues affecting these devices. The most severe is the public disclosure of the default private root SSH key. The less severe issues could also contribute to an attacker's ability to compromise a vulnerable device.

Compromised root SSH key (CVE-2013-0137)

Publicly available firmware images for these devices included a private root SSH key whose public half was authorized to log in to the devices (CWE-798, CWE-321). Because the same key is shared across images, anyone who downloaded the firmware holds a root credential for every device that still trusts it. The fingerprint of the compromised SSH key is 0c:89:49:f7:62:d2:98:f0:27:75:ad:e9:72:2c:68:c3.
Although this key is not hard-coded, prior to firmware version 2.0-2 it may be impractical for less technical users to manually disable or change the key.

Predictable session ID

IOActive reports that the administrative web server uses a predictable, monotonically increasing session ID. This finding is based on running the web server in a test environment. Testing a variety of firmware versions on devices both at the factory and in the field, Monroe Electronics could not reproduce this finding.

Log information disclosure

Logs available via the web server provide a variety of information about the configuration, operation, and status of the device (CWE-532). Some of the log information is public and may be required by regulation.

Predictable password generation

The dasdec_mkuser script generates passwords in a deterministic way (CWE-341); however, these passwords are not for administrative access, and the script is not used for general user account configuration.

Default password

Like many similar devices, the DASDEC and One-Net ENDECs ship with default administrative credentials. Some sites fail to change the default administrative password and allow unrestricted internet access.

Impact

An attacker with the private key and SSH access can log in to a device with root privileges. Predictable session IDs could allow an attacker to take control of an existing administrative web session. Predictable or unchanged default passwords can allow an attacker to log in to a device with root privileges. Devices exposed to the internet are at particularly high risk; for example, see Secure EAS Codecs Prevent Zombie Attacks and US-CERT Alert TA13-175A. Logs may disclose configuration information that can benefit an attacker.

Solution

Apply an update

On April 24, 2013, Monroe Electronics and Digital Alert Systems released firmware version 2.0-2, which disables the compromised SSH key, provides a simplified user option to install new unique keys, and enforces a new password policy.
Monroe Electronics has taken considerable effort to provide update information to DASDEC and One-NetSE users. DASDEC users can obtain updated firmware and release notes by contacting . R189 One-Net users can contact .

Disable compromised SSH key

The compromised root SSH key should be disabled immediately, especially if the SSH service is exposed to untrusted networks such as the internet. If SSH connectivity is required, generate, install, and test new SSH keys before disabling the compromised key, so that you do not lock yourself out of the device. The fingerprint of the compromised SSH key is 0c:89:49:f7:62:d2:98:f0:27:75:ad:e9:72:2c:68:c3.

Manually inspect SSH keys

To identify a compromised key, examine the authorized_keys file at /root/.ssh/authorized_keys2.dasdec and use the ssh-keygen command to show SSH key fingerprints. The following example shows the fingerprint of the compromised key:

    $ ssh-keygen -l -f authorized_keys2.dasdec
    1024 0c:89:49:f7:62:d2:98:f0:27:75:ad:e9:72:2c:68:c3 wood@endec1 (DSA)

Note that ssh-keygen in OpenSSH releases before 7.2 only shows the fingerprint of the first key (line) in the file. If authorized_keys2.dasdec contains multiple keys (multiple lines, one key per line), it will be necessary to extract each key (line) to a separate file and run the ssh-keygen command on each key/file. Two further caveats: OpenSSH 6.8 and later print SHA256 fingerprints by default, so use the -E md5 option to obtain the colon-separated MD5 form quoted above; and a key is compromised regardless of the comment at the end of its line, so compare fingerprints, not comments. These shell scripts can be used to list and test multiple SSH keys in an authorized_keys file:

http://www.cert.org/downloads/vuls/662676/ssh-key-test.sh
https://raw.github.com/aspiers/ssh-config/master/bin/ssh-list-pubkeys

To generate new SSH keys, use ssh-keygen.

Restrict access

If for some reason you are not able to remove and replace the compromised SSH key, restrict access to the SSH service to highly trusted hosts and networks only. As a general good security practice, restrict access to all services to trusted hosts and networks.

Change default passwords

Change any default passwords, and do not deploy production systems without changing default passwords.
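The key-inspection step above, as an added example (this is not code from the CERT note, the vendors, or IOActive): a Python script that recomputes the MD5 fingerprint ssh-keygen prints for every key in an authorized_keys file, compares each against the compromised fingerprint quoted in the note, and produces a copy of the file with the compromised key removed. The sample file, the toy RSA numbers in it, and the helper names are constructed for illustration; on a device you would point it at /root/.ssh/authorized_keys2.dasdec.

```python
"""Scan an authorized_keys file for the compromised DASDEC/One-Net root key.

Added example, not code from the CERT note or the vendors. It recomputes the
MD5 fingerprint (MD5 over the base64-decoded key blob, as colon-separated hex),
so every key in a multi-line file is checked regardless of ssh-keygen version.
"""
import base64
import binascii
import hashlib
import struct

# Fingerprint of the compromised root key, quoted from the vulnerability note.
COMPROMISED_FINGERPRINTS = {"0c:89:49:f7:62:d2:98:f0:27:75:ad:e9:72:2c:68:c3"}

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")


def md5_fingerprint(blob: bytes) -> str:
    """Same value as 'ssh-keygen -l -E md5' for the raw (decoded) key blob."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def _leading_string(blob: bytes):
    """First length-prefixed SSH string in blob, or None if malformed."""
    if len(blob) < 4:
        return None
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length] if len(blob) >= 4 + length else None


def parse_authorized_line(line: str):
    """Return (key_type, blob, comment) for one authorized_keys line, else None.

    Lines look like: [options] keytype base64blob [comment]. Options may be
    present (command="...",no-pty), so the key type is located by token rather
    than assumed to be the first field. Blank and '#' lines are skipped, and a
    blob whose embedded type disagrees with the text is rejected as malformed.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    for i, tok in enumerate(fields[:-1]):
        if tok in KEY_TYPES:
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except (binascii.Error, ValueError):
                return None
            if _leading_string(blob) != tok.encode():
                return None
            return tok, blob, " ".join(fields[i + 2:])
    return None


def scan_authorized_keys(text: str, blacklist=COMPROMISED_FINGERPRINTS):
    """One record per key: line number, type, comment, fingerprint, verdict."""
    rows = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parsed = parse_authorized_line(raw)
        if parsed is None:
            continue
        key_type, blob, comment = parsed
        fp = md5_fingerprint(blob)
        rows.append({"line": lineno, "type": key_type, "comment": comment,
                     "fingerprint": fp, "compromised": fp in blacklist})
    return rows


def drop_compromised(text: str, blacklist=COMPROMISED_FINGERPRINTS) -> str:
    """Return the file with blacklisted keys removed and every other line kept.
    Install and test a replacement key before writing this back to the device."""
    kept = []
    for raw in text.splitlines():
        parsed = parse_authorized_line(raw)
        if parsed is not None and md5_fingerprint(parsed[1]) in blacklist:
            continue
        kept.append(raw)
    return "\n".join(kept) + ("\n" if text.endswith("\n") else "")


# --- Constructed sample data (toy RSA numbers, not real keys) ---------------
def _ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n: int) -> bytes:
    # Positive mpint: big-endian bytes with a leading 0x00 if the high bit is set.
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def make_rsa_public_key(e: int, n: int, comment: str) -> str:
    """Build an 'ssh-rsa <base64> <comment>' line from toy e and n."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)


SAMPLE_AUTHORIZED_KEYS = "\n".join([
    'command="/usr/bin/dasdec-status",no-pty '
    + make_rsa_public_key(65537, 0xC0FFEE1D, "ops@example"),
    "# backup operator",
    make_rsa_public_key(3, 0xBADC0DE5, "toy-key-2"),
    "",
])

if __name__ == "__main__":
    import sys
    # Give the device file (e.g. /root/.ssh/authorized_keys2.dasdec) as the
    # only argument, or run without arguments to scan the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_AUTHORIZED_KEYS
    for r in scan_authorized_keys(text):
        verdict = "COMPROMISED" if r["compromised"] else "ok"
        print("line %d: %s %s %s [%s]" % (r["line"], r["type"],
                                          r["fingerprint"], r["comment"], verdict))
```

Because the fingerprint is computed directly from the decoded blob, the script is unaffected by the first-line-only behaviour of older ssh-keygen and by the SHA256 default of newer releases, and it checks keys that carry forced-command options or a misleading comment. Copy the cleaned output back only after a replacement key has been installed and a test login with it has succeeded.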
Search engines like Shodan index systems exposed to the internet, and default passwords are usually documented and well known. It is often trivial for an attacker to identify and access internet-facing systems that still use default passwords.

Vendor Information

Vendor                   Status     Date Notified   Date Updated
Digital Alert Systems    Affected   18 Jan 2013     26 Jun 2013
Monroe Electronics       Affected   18 Jan 2013     24 Jun 2013

CVSS Metrics

Group          Score   Vector
Base           10.0    AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal        8.7    E:ND/RL:OF/RC:C
Environmental   6.8    CDP:LM/TD:M/CR:ND/IR:M/AR:ND

References

http://www.monroe-electronics.com/EAS_pages/prod_r189se.html
http://www.digitalalertsystems.com/products_enc-dec.html
http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf
http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf
http://www.digitalalertsystems.com/pdf/wpdas-122.pdf
http://www.fcc.gov/guides/emergency-alert-system-eas
http://www.commlawblog.com/2013/02/articles/broadcast/fcc-urges-broadcasters-to-secure-eas-equipment/
http://www.broadcastlawblog.com/2013/02/articles/emergency-communications/hackers-use-eas-to-send-alert-of-zombie-attack-fcc-issues-urgent-warning-to-broadcasters-to-secure-their-eas-systems/
http://www.radioworld.com/article/eas-hack-cap-not-the-issue-internet-security-is/217746
http://www.radioworld.com/article/stations-urged-to-protect-their-eas/217746
http://transition.fcc.gov/pshs/techtopics/techtopics21.html
http://www.thebdr.net/articles/fcc/eas/eas.html
http://www.thebdr.net/articles/fcc/eas/EAS-Q5.pdf
http://cwe.mitre.org/data/definitions/798.html
http://cwe.mitre.org/data/definitions/532.html
http://cwe.mitre.org/data/definitions/341.html
http://cwe.mitre.org/data/definitions/320.html
http://cwe.mitre.org/data/definitions/321.html
http://www.us-cert.gov/ncas/alerts/TA13-175A
http://www.cert.org/downloads/vuls/662676/ssh-key-test.sh
https://raw.github.com/aspiers/ssh-config/master/bin/ssh-list-pubkeys

Credit

Thanks to Mike Davis and Cesar Cerrudo of IOActive for reporting these issues. Thanks also to Monroe Electronics for their efforts to contact affected users.

This document was written by Art Manion.

Other Information

CVE IDs: CVE-2013-0137
Date Public: 24 June 2013
Date First Published: 26 June 2013
Date Last Updated: 02 July 2013
Document Revision: 86

======================================================================
=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER             | tel : 01-53-94-20-44              +
+ 23 - 25 Rue Daviel       | fax : 01-53-94-20-41              +
+ 75013 Paris              | email: cert@support.renater.fr    +
==========================================================