[En-Nut-Discussion] Nut/OS TCP/IP Security Issue
Uwe Bonnes
bon at elektron.ikp.physik.tu-darmstadt.de
Wed Oct 14 11:02:20 CEST 2020
Mingshu Wang writes:
> We have a product developed with Nut/OS 4.8.7 long time ago. We got a customer complaint recently about the TCP/IP stack security issue.
>
>
> Below is the message from the customer.
>
>
>
> Here is the CVE numbers that the alert fell under:
>
> CVE-2020-11896/CVE-2020-11898
>
> The vulnerability scanner used was Tenable.SC.
>
>
> Did anyone see this issue before?
> Will the new Nut/OS take care of this problem?
>
Hello,
I do very few work around ethernet, but patches by others did touch
that area. I do not know if that changes above CVEs.
Best thing is you care yourself:
- Test if you can get that scanner and reproduce the vulnerability
- Compile your application against head and recheck for that
vulnerability
- If it still exists:
-- assess if the vulnerabilities may be harmfull for your IOT device
-- put some work into understanding the vulnerability and eventually
fix it.
If you have problems with recompiing against SVN head, let me know and
I will try to help.
Regards
--
Uwe Bonnes bon at elektron.ikp.physik.tu-darmstadt.de
Institut fuer Kernphysik Schlossgartenstrasse 9 64289 Darmstadt
--------- Tel. 06151 1623569 ------- Fax. 06151 1623305 ---------
More information about the En-Nut-Discussion
mailing list