> We have a product developed with Nut/OS 4.8.7 long time ago. We got a customer complaint recently about the TCP/IP stack security issue.
> Below is the message from the customer.
> Here is the CVE numbers that the alert fell under:
> The vulnerability scanner used was Tenable.SC.
> Did anyone see this issue before?
> Will the new Nut/OS take care of this problem?
I do very few work around ethernet, but patches by others did touch
that area. I do not know if that changes above CVEs.
Best thing is you care yourself:
- Test if you can get that scanner and reproduce the vulnerability
- Compile your application against head and recheck for that
- If it still exists:
-- assess if the vulnerabilities may be harmfull for your IOT device
-- put some work into understanding the vulnerability and eventually
If you have problems with recompiing against SVN head, let me know and
I will try to help.