News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • Name : Wreck. Nine vulnerabilities affecting four popular TCP/IP stacks

    Home Forums Networking – routers, firewalls, network configuration Name : Wreck. Nine vulnerabilities affecting four popular TCP/IP stacks

    Viewing 1 reply thread
    • Author
      Posts
      • #2357812
        Alex5723
        AskWoody Plus

        Today, Forescout Research Labs, partnering with JSOF Research, disclose NAME:WRECK, a set of nine vulnerabilities affecting four popular TCP/IP stacks (FreeBSD, Nucleus NET, IPnet and NetX). These vulnerabilities relate to Domain Name System (DNS) implementations, causing either Denial of Service (DoS) or Remote Code Execution (RCE), allowing attackers to take target devices offline or to take control over them.

        The widespread use of these stacks and often external exposure of vulnerable DNS clients lead to a dramatically increased attack surface. This research is further indication that the community should fix DNS problems that we believe are more widespread than what we currently know…

        Nucleus NET : more than 3 billion devices use this real-time operating system, such as ultrasound machines, storage systems, critical systems for avionics and others.

        FreeBSD : known to be used for high-performance servers in millions of IT networks and is also the basis for other well-known open-source projects, such as firewalls and several commercial network appliances.

        NetX : Typical applications include medical devices, systems-on-a-chip and several printer models. ThreadX was known to have 6.2 billion deployments in 2017, with mobile phones (probably in baseband processors), consumer electronics and business automation being the most common product categories.

        • This topic was modified 3 weeks, 2 days ago by Alex5723.
      • #2357857
        Paul T
        AskWoody MVP

        From the article:  exploitation requires a malicious DNS server to reply with malicious packets

        If the devices are within your network and using a local DNS then you are unlikely to be affected. Internet facing devices may be affected.

        cheers, Paul

        3 users thanked author for this post.
    Viewing 1 reply thread

    Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

    Reply To: Name : Wreck. Nine vulnerabilities affecting four popular TCP/IP stacks

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.