AMNESIA:33 - TCP/IP stacks uIP, FNET, picoTCP and Nut/Net

madires:
Critical vulnerabilities in TCP/IP stacks uIP, FNET, picoTCP and Nut/Net: https://www.forescout.com/company/blog/amnesia33-forescout-research-labs-finds-33-new-vulnerabilities-in-open-source-tcp-ip-stacks/ (beware of the marketing)

EasyGoing1:
These days, I'm skeptical of statements like this

Generally, these vulnerabilities can be exploited to take full control of a target device (RCE)

Who's still out there making operating systems where the network layer processes are given root-level access? WHO? Cause they should be shot whoever they are.

andersm:

--- Quote from: EasyGoing1 on February 25, 2021, 01:49:35 pm ---Who's still out there making operating systems where the network layer processes are given root-level access?
--- End quote ---
The listed stacks are pretty much all aimed at microcontrollers.

madires:
Next one: NAME:WRECK
https://therecord.media/namewreck-vulnerabilities-impact-millions-of-smart-and-industrial-devices/

ejeffrey:

--- Quote from: EasyGoing1 on February 25, 2021, 01:49:35 pm ---These days, I'm skeptical of statements like this

Generally, these vulnerabilities can be exploited to take full control of a target device (RCE)

Who's still out there making operating systems where the network layer processes are given root-level access? WHO? Cause they should be shot whoever they are.

--- End quote ---

There are no operating systems of any commercial or practical use where remote code execution in the network stack is not the highest level of security vulnerability. Even if you have process isolation from the network code, it is sufficiently privileged to be game over from a security standpoint.
