EEVblog Electronics Community Forum
Products => Computers => Networking & Wireless => Topic started by: madires on December 08, 2020, 01:17:09 pm
-
Critical vulnerabilities in TCP/IP stacks uIP, FNET, picoTCP and Nut/Net: https://www.forescout.com/company/blog/amnesia33-forescout-research-labs-finds-33-new-vulnerabilities-in-open-source-tcp-ip-stacks/ (beware of the marketing)
-
These days, I'm skeptical of statements like this
Generally, these vulnerabilities can be exploited to take full control of a target device (RCE)
Who's still out there making operating systems where the network layer processes are given root-level access? WHO? Cause they should be shot whoever they are.
-
Who's still out there making operating systems where the network layer processes are given root-level access?
The listed stacks are pretty much all aimed at microcontrollers.
-
Next one: NAME:WRECK
https://therecord.media/namewreck-vulnerabilities-impact-millions-of-smart-and-industrial-devices/
-
These days, I'm skeptical of statements like this
Generally, these vulnerabilities can be exploited to take full control of a target device (RCE)
Who's still out there making operating systems where the network layer processes are given root-level access? WHO? Cause they should be shot whoever they are.
There are no operating systems of any commercial or practical use where remote code execution in the network stack is not the highest level of security vulnerability. Even if you have process isolation from the network code, it is sufficiently privileged to be game over from a security standpoint.