News from 2019-11-21


Meinberg Security Advisory: [MBGSA-1903] Meinberg LANTIME Firmware V7


An error in the initial generation of SSH keys in LANTIME firmware versions 7.00.001 to 7.00.003 has been detected and resolved. LANTIME firmware version 7.00.004 therefore includes a revised function for key generation. Updated or manually generated SSH keys are not affected. Some included tools with known vulnerabilities have also been updated to the latest version.

Estimation of severity

Updated version:
  • LANTIME firmware: V7.00.004

1 Description of the vulnerabilities

  • No CVE, severity high:
    The RSA, DSA and ED25519 keys were not created during initial generation of the SSH keys on first startup or when restoring factory settings in LANTIME firmware versions 7.00.001 up to and including 7.00.003. As a result, these keys were replaced with default values which theoretically allow attackers to set up man-in-the-middle attacks. (Special thanks to Ulrich Windl for the finding)
  • As part of ongoing software maintenance, some tools and libraries have received an update. The changes to the updated programs include security-related issues. Unfortunately, we cannot rule out that at least some of the identified vulnerabilities in the third party software could be exploited. For this reason, the following programs and libraries are receiving an update.
    • Update of tcpdump to 4.9.3
    • Update of libpcap to 1.9.1
    • Update of vim to 8.1
    • Update of wpa_supplicant to 2.9
    • Update of libexpat to 2.2.9
    • Update of zlib to 1.2.11
    • Update of ncurses to 6.1
    • Update of rsync to 3.1.3

2 Systems affected

The use of default SSH keys only applies to versions 7.00.001 to 7.00.003 if a system has been set to factory-defaults (e.g. this applies for new devices or a device that has executed the factory defaults function).

Checklist for recognizing an affected system:

  • Manual SSH keys have been generated (e.g. copied, generated via command line or web interface) → Not affected
  • SSH keys have been transferred during update from V6 to V7 → Not affected
  • A new device with version 7.00.001 up to and including 7.00.003 has been put into operation without creating your own SSH key → Affected
  • The device has been reset to factory defaults in version 7.00.001 to 7.00.003 → Affected

To make sure that default SSH keys were not used, use the "Security → SSH → Display SSH Key" feature in the web interface to check whether the designation "root@heiko-tr0-lt04" is attached to one of the keys in the public key part. If one of the keys has this designation, it is a default key and needs to be exchanged. Owing to the updates to the tools and libraries, all LANTIME firmware versions prior to V7.00.004 are considered affected systems.
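The default-key check described above can be run across several devices at once. The following is an added example, not Meinberg code: it looks for the designation in key text copied from each device's "Display SSH Key" page and, going one step beyond the advisory, also reports key material that appears on more than one device. It assumes the keys are shown in the usual one-line OpenSSH format (type, base64 blob, comment); the device names and key blobs are constructed placeholders.

```python
from collections import defaultdict

# Designation the advisory gives for the default keys.
DEFAULT_KEY_COMMENT = "root@heiko-tr0-lt04"

def parse_pubkey(line):
    """Split one OpenSSH public key line into (type, blob, comment), or None."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2 or parts[0].startswith("#"):
        return None
    return parts[0], parts[1], parts[2].strip() if len(parts) == 3 else ""

def audit(inventory):
    """inventory maps a device name to the key text copied from its web interface.

    Returns (devices showing the default designation,
             {(type, blob): devices} for key material found on more than one device).
    """
    flagged = set()
    owners = defaultdict(set)
    for device, text in inventory.items():
        for line in text.splitlines():
            key = parse_pubkey(line)
            if key is None:
                continue
            ktype, blob, comment = key
            owners[(ktype, blob)].add(device)
            if DEFAULT_KEY_COMMENT in comment:
                flagged.add(device)
    shared = {k: sorted(v) for k, v in owners.items() if len(v) > 1}
    return sorted(flagged), shared

# Constructed sample input: hypothetical device names, placeholder blobs (not real keys).
SAMPLE = {
    "lt-a": "ssh-rsa AAAAB3CONSTRUCTEDdefaultRSA root@heiko-tr0-lt04\n"
            "ssh-ed25519 AAAAC3CONSTRUCTEDdefaultED root@heiko-tr0-lt04\n",
    "lt-b": "ssh-rsa AAAAB3CONSTRUCTEDdefaultRSA\n",  # same blob, comment missing
    "lt-c": "ssh-rsa AAAAB3CONSTRUCTEDuniqueRSA root@lt-c\n",
}

if __name__ == "__main__":
    flagged, shared = audit(SAMPLE)
    print("default designation found on:", flagged)
    for (ktype, _blob), devices in shared.items():
        print("identical", ktype, "key on:", devices)
```

A device that appears only in the shared-key report still needs new keys generated, because the comment field is not part of the key itself and may be absent from a copied key.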

The LANTIME firmware is used by all devices in the LANTIME-M series (M100, M200, M300, M400, M600, M900) as well as all LANTIME IMS series (M500, M1000, M1000S, M3000, M3000S, M4000) and the SyncFire product family (SF1000/SF1100). Whether and to what degree the LANTIME systems are vulnerable depends on the respective configuration, network infrastructure and other factors. For this reason, no general statement can be made about the actual vulnerability of the systems in use.

3 Possible security measures

The security patches are included in LANTIME firmware version 7.00.004. An update to this version fixes the incorrect initial SSH key generation and the vulnerabilities in the tools and libraries. In addition, if default SSH keys are present, new SSH keys need to be generated via the "Security → SSH → Generate SSH Key" feature in the web interface.

Download the latest LANTIME firmware from Meinberg Firmware Updates.

All updates are immediately available for Meinberg customers. We recommend updating your LANTIME firmware to version 7.00.004.

4 Further information

Further details and information are available from the following website:
LANTIME Firmware Update: V7.00.004

If you have any other questions or need assistance, please don’t hesitate to contact your Meinberg support service.

