In a joint effort between researchers at JSOF and Forescout, a group of vulnerabilities has been disclosed affecting DNS in 100 million devices that are based on FreeBSD, Nucleus NET and NetX. This primarily affects Operational Technology (OT) and Internet of Things (IoT) devices. The collection of vulnerabilities is being called NAME: WRECK, and together can be leveraged to take over a machine. Each of these vulnerabilities, according to Forescout, while hypothetical, can allow an attacker to cause significant damage and steal data. The most critical vulnerabilities center around the implementation of message compression, allowing for remote code execution through buffer overflows.
Analyst Notes
While patches for FreeBSD, Nucleus NET, and NetX are all currently available, it will be up to vendors to deliver these patches on time to devices. Vulnerabilities found in operating systems such as FreeBSD can be challenging to patch due to the high number of embedded devices that rely on the OS’s derivatives. Currently, there is no known proof-of-concept available, but in time there will likely be a POC that can lower the bar for attackers to leverage these vulnerabilities.
Reference:
https://www.bleepingcomputer.com/news/security/name-wreck-dns-vulnerabilities-affect-over-100-million-devices/
https://www.forescout.com/company/resources/namewreck-breaking-and-fixing-dns-implementations/
