SDPAgent.exe is known as SDPAgent and it is developed by Safend LTD., it is also developed by Wave Systems Corp. We have seen about 27 different instances of SDPAgent.exe in different location. So far we haven't seen any alert about this product. Safend Protector is a client/server application for setting and enforcing security policies on the use of USB and CD-ROM drives and other removable storage media on laptops and other devices.
Ironkey Rebranding Notification:Effective August 1, 2016 all Ironkey USB drives will be rebranded. All Ironkey drives from this point forward will have a Kingston VID. Some corporate users may have to change security settings to allow for the use of these drives. IronKey Secure Sessions Notification:Effective March 1, 2016 the IronKey Secure Sessions Tor server relay will discontinue service. We apologize for any inconvenience. Visit http://www.torproject.org/ to find an alternate solution. Please visit the Special Notification Archive to view past notifications. | ||||||
Categories
|
|
‘AnywhereUSB/5 provides five USB ports, which deliver the same Plug and Play
user experience as onboard USB ports.
This low-risk vulnerability in AnywhereUSB/5 1.80.00 allows an attacker to
forge an AnywhereUSB server, so that if a client connects to it, it can be
hit with a denial of service attack.'
‘The information has been provided by Itzik Kotler, Safend.
The original advisory can be found here: http://www.safend.com/advisories/digi_anywhereusb5_intoverflow.txt.'
Details
‘Risk: low.
I. BACKGROUND
AnywhereUSB/5 provides five USB ports, which deliver the same Plug and Play
user experience as onboard USB ports.
Novatel wireless others driver download. Software drivers are loaded onto a host PC or server, enabling remote devices
to communicate with the host, without changing existing application software.
Peripheral devices can be centrally managed and monitored from a remote
server or PC via an IP address.
II. DESCRIPTION
This low-risk vulnerability in AnywhereUSB/5 1.80.00 allows an attacker to
forge an AnywhereUSB server, so that if a client connects to it, it can be
hit with a denial of service attack.
Safe And Drive State Farm Grade
This integer overflow in version 1.80.00 of AnywhereUSB/5 drivers package
distributed for Windows NT 4.0/2000/XP and 2003. could allow attackers to
Bugcheck (BSOD) currently connected clients on demand, or any new client upon
connection.
The problem exists within the parsing of USB string descriptors.
A malformed string descriptor that in its header specifies a size of 1 byte,
will cause a memory copy loop to go behind allocated memory range.
This will result in a Bugcheck (BSOD) within the client computer driver.
III. ANALYSIS
Successful exploitation allows an attacker to crash the client computer and
cause a Bugcheck (BSOD) on demand.
Exploitation is possible in two ways: by sending a specially crafted string
descriptor to the client or by attaching a maliciously crafted USB device to
the hub.
IV. DETECTION
Safend has confirmed that AnywhereUSB/5 drivers version 1.80.00 is vulnerable.
It is suspected that earlier versions of AnywhereUSB/5 may also vulnerable.
V. WORKAROUND
Avoid plugging unknown USB devices into an AnywhereUSB/5 hub.
Apply strict firewalls rules, to prevent clients from connecting to a
malicious AnywhereUSB/5 server, which could in turn send the malformed string
descriptor to the client via TCP/IP.
NVIDIA nForce 680i LT SLI Motherboard Engineered for the extreme gamer, the NVIDIA nForce 680i LT SLI motherboard brings the award-winning performance of the NVIDIA nForce 680i SLI MCP to a sub-$200 price point and features full-bandwidth dual x16 PCI Express slots for NVIDIA SLI support. NVIDIA® GeForce® motherboard GPUs (mGPUs) make experiencing the GeForce difference more affordable than ever. Designed for both AMD and Intel platforms, GeForce motherboard GPUs support the latest graphics technologies including DirectX® 10, CUDA™, PhysX™, PureVideo® HD and Hybrid SLI®. Download drivers for NVIDIA products including GeForce graphics cards, nForce motherboards, Quadro workstations, and more. Update your graphics card drivers today. Nvidia drivers motherboard. Download Nvidia Motherboard drivers, firmware, bios, tools, utilities.
VI. VENDOR RESPONSE
SecuriTeam was asked to assist the researchers with contacting Digi
International.
Reported to vendor: 24th of July, 2006.
Vendor response: 25th of July, 2006.
Vendor's official response:
‘The AnywhereUSB product is used with commercial USB peripheral devices on
dedicated point to point IP connections, almost always on non-public local
area networks. The likelihood of any such USB device producing a USB
descriptor corrupted in precisely this way is extremely unlikely. This error
will be corrected in a future driver release.'
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2006-4459 to this issue.
This low-risk vulnerability in AnywhereUSB/5 1.80.00 allows an attacker to
forge an AnywhereUSB server, so that if a client connects to it, it can be
hit with a denial of service attack.
Safe And Drive State Farm Grade
This integer overflow in version 1.80.00 of AnywhereUSB/5 drivers package
distributed for Windows NT 4.0/2000/XP and 2003. could allow attackers to
Bugcheck (BSOD) currently connected clients on demand, or any new client upon
connection.
The problem exists within the parsing of USB string descriptors.
A malformed string descriptor that in its header specifies a size of 1 byte,
will cause a memory copy loop to go behind allocated memory range.
This will result in a Bugcheck (BSOD) within the client computer driver.
III. ANALYSIS
Successful exploitation allows an attacker to crash the client computer and
cause a Bugcheck (BSOD) on demand.
Exploitation is possible in two ways: by sending a specially crafted string
descriptor to the client or by attaching a maliciously crafted USB device to
the hub.
IV. DETECTION
Safend has confirmed that AnywhereUSB/5 drivers version 1.80.00 is vulnerable.
It is suspected that earlier versions of AnywhereUSB/5 may also vulnerable.
V. WORKAROUND
Avoid plugging unknown USB devices into an AnywhereUSB/5 hub.
Apply strict firewalls rules, to prevent clients from connecting to a
malicious AnywhereUSB/5 server, which could in turn send the malformed string
descriptor to the client via TCP/IP.
NVIDIA nForce 680i LT SLI Motherboard Engineered for the extreme gamer, the NVIDIA nForce 680i LT SLI motherboard brings the award-winning performance of the NVIDIA nForce 680i SLI MCP to a sub-$200 price point and features full-bandwidth dual x16 PCI Express slots for NVIDIA SLI support. NVIDIA® GeForce® motherboard GPUs (mGPUs) make experiencing the GeForce difference more affordable than ever. Designed for both AMD and Intel platforms, GeForce motherboard GPUs support the latest graphics technologies including DirectX® 10, CUDA™, PhysX™, PureVideo® HD and Hybrid SLI®. Download drivers for NVIDIA products including GeForce graphics cards, nForce motherboards, Quadro workstations, and more. Update your graphics card drivers today. Nvidia drivers motherboard. Download Nvidia Motherboard drivers, firmware, bios, tools, utilities.
VI. VENDOR RESPONSE
SecuriTeam was asked to assist the researchers with contacting Digi
International.
Reported to vendor: 24th of July, 2006.
Vendor response: 25th of July, 2006.
Vendor's official response:
‘The AnywhereUSB product is used with commercial USB peripheral devices on
dedicated point to point IP connections, almost always on non-public local
area networks. The likelihood of any such USB device producing a USB
descriptor corrupted in precisely this way is extremely unlikely. This error
will be corrected in a future driver release.'
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2006-4459 to this issue.
Safe Driver Updater
VIII. CREDIT
This vulnerability was discovered by Itzik Kotler, Safend.
IX. About SecuriTeam's Assisted Disclosure
Many researchers do not have the time, energy or inclination to deal with
reporting a vulnerability to vendors.
SecuriTeam is here to help. If you want us to handle the logistics of
contacting and following up with the vendor, making sure the problem is
fixed, contact: STAD@SecuriTeam.com.
Safend Data Protection Agent Windows 10
Our end goal is Full Disclosure, preferably in coordination with the vendor,
without exposing the researcher to unnecessary risk. We do not believe in
hiding or selling vulnerabilities. Never had, never will.
Safe And Drive State Farm
All credit will be properly attributed. If asked we can act as proxies,
keeping your privacy and anonymity.
X. LEGAL NOTICES
Disclaimer: The information in the advisory is believed to be accurate at the
time of publishing based on currently available information. Use of the
information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the author
nor the publisher accepts any liability for any direct, indirect, or
consequential loss or damage arising from use of, or reliance on, this
information.
—
Safend Usb
Safend is a leading provider of innovative endpoint security solutions that
protect against corporate data leakage and penetration via physical and
wireless ports. For more information, visit http://www.safend.com/.'
