DNS and TCP/IP Stack Vulnerabilities Affect 100 Million Devices

Threat Watch

Threat Watch DNS and TCP/IP Stack Vulnerabilities Affect 100 Million Devices

DNS and TCP/IP Stack Vulnerabilities Affect 100 Million Devices

In a joint effort between researchers at JSOF and Forescout, a group of vulnerabilities has been disclosed affecting DNS in 100 million devices that are based on FreeBSD, Nucleus NET and NetX. This primarily affects Operational Technology (OT) and Internet of Things (IoT) devices. The collection of vulnerabilities is being called NAME: WRECK, and together can be leveraged to take over a machine. Each of these vulnerabilities, according to Forescout, while hypothetical, can allow an attacker to cause significant damage and steal data. The most critical vulnerabilities center around the implementation of message compression, allowing for remote code execution through buffer overflows.

ANALYST NOTES

While patches for FreeBSD, Nucleus NET, and NetX are all currently available, it will be up to vendors to deliver these patches on time to devices. Vulnerabilities found in operating systems such as FreeBSD can be challenging to patch due to the high number of embedded devices that rely on the OS’s derivatives. Currently, there is no known proof-of-concept available, but in time there will likely be a POC that can lower the bar for attackers to leverage these vulnerabilities. Reference: https://www.bleepingcomputer.com/news/security/name-wreck-dns-vulnerabilities-affect-over-100-million-devices/ https://www.forescout.com/company/resources/namewreck-breaking-and-fixing-dns-implementations/

Intruder Tactics: Privilege Escalation

Ransomware group targeted DC police, then sent mixed messages about shutting down

Emerging deepfake technology could have security implications for businesses

Striking Back: Hunting Cobalt Strike Using Sysmon And Sentinel

Threat Watch