Andy Melnikov (nponeccop) wrote,

11 holes in VxWorks (6 RCE)

1. One RCE vulnerability in the IP layer (CVE-2019-12256)
2. Four RCE vulnerabilities in the TCP layer (CVE-2019-12255, CVE-2019-12260, CVE-2019-12261 & CVE-2019-12263)
3. One RCE vulnerability in the IPnet’s built-in DHCP client, ipdhcpc (CVE-2019-12257)

The astrologers have declared a week of reducing the number of unfrightened idiots. Also, it is telling that the holes were found by an outside firm on its own initiative (i.e. one not hired to do a pentest).

The impact of serious vulnerabilities in popular RTOSs is great and not well understood to date. On top of all that, the codebases of those RTOSs are usually closed sourced, and in most cases, receive little security research into them.

URGENT/11 is a set of 11 vulnerabilities found to affect IPnet, VxWorks’ TCP/IP stack. Six of the vulnerabilities are classified as critical and enable Remote Code Execution (RCE).

The wide range of affected versions spanning over the last 13 years is a rare occurrence in the cyber arena and is the result of VxWorks’ relative obscurity in the research community. This timespan might be even longer, as according to Wind River, three of the vulnerabilities have already existed in IPnet when it was acquired from Interpeak in 2006.

https://www.wired.com/story/vxworks-vulnerabilities-urgent11/
https://go.armis.com/hubfs/White-papers/Urgent11%20Technical%20White%20Paper.pdf