Re: En-Nut-Discussion Digest, Vol 183, Issue 1

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Re: En-Nut-Discussion Digest, Vol 183, Issue 1

Mingshu Wang
Uwe,

Thank you for your answer. I will find out more about the CVEs.

Mingshu


> On Oct 14, 2020, at 5:00 AM, [hidden email] wrote:
>
> ´╗┐Send En-Nut-Discussion mailing list submissions to
>    [hidden email]
>
> To subscribe or unsubscribe via the World Wide Web, visit
>    http://lists.egnite.de/mailman/listinfo/en-nut-discussion
> or, via email, send a message with subject or body 'help' to
>    [hidden email]
>
> You can reach the person managing the list at
>    [hidden email]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of En-Nut-Discussion digest..."
>
>
> Today's Topics:
>
>   1. Nut/OS TCP/IP Security Issue (Mingshu Wang)
>   2. Re: Nut/OS TCP/IP Security Issue (Uwe Bonnes)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 13 Oct 2020 18:41:12 +0000
> From: Mingshu Wang <[hidden email]>
> To: "[hidden email]" <[hidden email]>
> Subject: [En-Nut-Discussion] Nut/OS TCP/IP Security Issue
> Message-ID:
>    <[hidden email]>
>    
> Content-Type: text/plain; charset="iso-8859-1"
>
> We have a product developed with Nut/OS 4.8.7 long time ago. We got a customer complaint recently about the TCP/IP stack security issue.
>
>
> Below is the message from the customer.
>
>
>
> Here is the CVE numbers that the alert fell under:
>
> CVE-2020-11896/CVE-2020-11898
>
> The vulnerability scanner used was Tenable.SC.
>
>
> Did anyone see this issue before? Will the new Nut/OS take care of this problem?
>
>
> Thanks,
>
> Mingshu
>
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 14 Oct 2020 11:02:20 +0200
> From: Uwe Bonnes <[hidden email]>
> To: "Ethernut User Chat \(English\)" <[hidden email]>
> Subject: Re: [En-Nut-Discussion] Nut/OS TCP/IP Security Issue
> Message-ID: <[hidden email]>
> Content-Type: text/plain; charset=us-ascii
>
> Mingshu Wang writes:
>> We have a product developed with Nut/OS 4.8.7 long time ago. We got a customer complaint recently about the TCP/IP stack security issue.
>>
>>
>> Below is the message from the customer.
>>
>>
>>
>> Here is the CVE numbers that the alert fell under:
>>
>> CVE-2020-11896/CVE-2020-11898
>>
>> The vulnerability scanner used was Tenable.SC.
>>
>>
>> Did anyone see this issue before?
>> Will the new Nut/OS take care of this problem?
>>
> Hello,
>
> I do very few work around ethernet, but patches by others did touch
> that area. I do not know if that changes above CVEs.
>
> Best thing is you care yourself:
> - Test if you can get that scanner and reproduce the vulnerability
> - Compile your application against head and recheck for that
> vulnerability
> - If it still exists:
> -- assess if the vulnerabilities may be harmfull for your IOT device
> -- put some work into understanding the vulnerability and eventually
> fix it.
>
> If you have problems with recompiing against SVN head, let me know and
> I will try to help.
>
> Regards
>
> --
> Uwe Bonnes                [hidden email]
>
> Institut fuer Kernphysik  Schlossgartenstrasse 9  64289 Darmstadt
> --------- Tel. 06151 1623569 ------- Fax. 06151 1623305 ---------
>
>
> ------------------------------
>
> _______________________________________________
> http://lists.egnite.de/mailman/listinfo/en-nut-discussion
>
>
> End of En-Nut-Discussion Digest, Vol 183, Issue 1
> *************************************************
_______________________________________________
http://lists.egnite.de/mailman/listinfo/en-nut-discussion