Nut/OS TCP/IP Security Issue

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Nut/OS TCP/IP Security Issue

Mingshu Wang
We have a product developed with Nut/OS 4.8.7 long time ago. We got a customer complaint recently about the TCP/IP stack security issue.


Below is the message from the customer.



Here is the CVE numbers that the alert fell under:

CVE-2020-11896/CVE-2020-11898

The vulnerability scanner used was Tenable.SC.


Did anyone see this issue before? Will the new Nut/OS take care of this problem?


Thanks,

Mingshu

_______________________________________________
http://lists.egnite.de/mailman/listinfo/en-nut-discussion
bon
Reply | Threaded
Open this post in threaded view
|

Re: Nut/OS TCP/IP Security Issue

bon
Mingshu Wang writes:

> We have a product developed with Nut/OS 4.8.7 long time ago. We got a customer complaint recently about the TCP/IP stack security issue.
>
>
> Below is the message from the customer.
>
>
>
> Here is the CVE numbers that the alert fell under:
>
> CVE-2020-11896/CVE-2020-11898
>
> The vulnerability scanner used was Tenable.SC.
>
>
> Did anyone see this issue before?
> Will the new Nut/OS take care of this problem?
>
Hello,

I do very few work around ethernet, but patches by others did touch
that area. I do not know if that changes above CVEs.

Best thing is you care yourself:
- Test if you can get that scanner and reproduce the vulnerability
- Compile your application against head and recheck for that
vulnerability
- If it still exists:
-- assess if the vulnerabilities may be harmfull for your IOT device
-- put some work into understanding the vulnerability and eventually
fix it.

If you have problems with recompiing against SVN head, let me know and
I will try to help.

Regards

--
Uwe Bonnes                [hidden email]

Institut fuer Kernphysik  Schlossgartenstrasse 9  64289 Darmstadt
--------- Tel. 06151 1623569 ------- Fax. 06151 1623305 ---------
_______________________________________________
http://lists.egnite.de/mailman/listinfo/en-nut-discussion