[En-Nut-Discussion] En-Nut-Discussion Digest, Vol 183, Issue 1

Mingshu Wang mwang at ccontrols.com
Thu Oct 15 02:09:55 CEST 2020


Uwe,

Thank you for your answer. I will find out more about the CVEs.

Mingshu 


> On Oct 14, 2020, at 5:00 AM, en-nut-discussion-request at egnite.de wrote:
> 
> Send En-Nut-Discussion mailing list submissions to
>    en-nut-discussion at egnite.de
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>    http://lists.egnite.de/mailman/listinfo/en-nut-discussion
> or, via email, send a message with subject or body 'help' to
>    en-nut-discussion-request at egnite.de
> 
> You can reach the person managing the list at
>    en-nut-discussion-owner at egnite.de
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of En-Nut-Discussion digest..."
> 
> 
> Today's Topics:
> 
>   1. Nut/OS TCP/IP Security Issue (Mingshu Wang)
>   2. Re: Nut/OS TCP/IP Security Issue (Uwe Bonnes)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Tue, 13 Oct 2020 18:41:12 +0000
> From: Mingshu Wang <mwang at ccontrols.com>
> To: "en-nut-discussion at egnite.de" <en-nut-discussion at egnite.de>
> Subject: [En-Nut-Discussion] Nut/OS TCP/IP Security Issue
> Message-ID:
>    <CH2PR18MB32542C3D91F572B070EA52EBB0040 at CH2PR18MB3254.namprd18.prod.outlook.com>
>    
> Content-Type: text/plain; charset="iso-8859-1"
> 
> We have a product developed with Nut/OS 4.8.7 long time ago. We got a customer complaint recently about the TCP/IP stack security issue.
> 
> 
> Below is the message from the customer.
> 
> 
> 
> Here is the CVE numbers that the alert fell under:
> 
> CVE-2020-11896/CVE-2020-11898
> 
> The vulnerability scanner used was Tenable.SC.
> 
> 
> Did anyone see this issue before? Will the new Nut/OS take care of this problem?
> 
> 
> Thanks,
> 
> Mingshu
> 
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Wed, 14 Oct 2020 11:02:20 +0200
> From: Uwe Bonnes <bon at elektron.ikp.physik.tu-darmstadt.de>
> To: "Ethernut User Chat \(English\)" <en-nut-discussion at egnite.de>
> Subject: Re: [En-Nut-Discussion] Nut/OS TCP/IP Security Issue
> Message-ID: <24454.48796.602572.845278 at gargle.gargle.HOWL>
> Content-Type: text/plain; charset=us-ascii
> 
> Mingshu Wang writes:
>> We have a product developed with Nut/OS 4.8.7 long time ago. We got a customer complaint recently about the TCP/IP stack security issue.
>> 
>> 
>> Below is the message from the customer.
>> 
>> 
>> 
>> Here is the CVE numbers that the alert fell under:
>> 
>> CVE-2020-11896/CVE-2020-11898
>> 
>> The vulnerability scanner used was Tenable.SC.
>> 
>> 
>> Did anyone see this issue before?
>> Will the new Nut/OS take care of this problem?
>> 
> Hello,
> 
> I do very few work around ethernet, but patches by others did touch
> that area. I do not know if that changes above CVEs.
> 
> Best thing is you care yourself:
> - Test if you can get that scanner and reproduce the vulnerability
> - Compile your application against head and recheck for that
> vulnerability
> - If it still exists:
> -- assess if the vulnerabilities may be harmfull for your IOT device
> -- put some work into understanding the vulnerability and eventually
> fix it.
> 
> If you have problems with recompiing against SVN head, let me know and
> I will try to help.
> 
> Regards
> 
> -- 
> Uwe Bonnes                bon at elektron.ikp.physik.tu-darmstadt.de
> 
> Institut fuer Kernphysik  Schlossgartenstrasse 9  64289 Darmstadt
> --------- Tel. 06151 1623569 ------- Fax. 06151 1623305 ---------
> 
> 
> ------------------------------
> 
> _______________________________________________
> http://lists.egnite.de/mailman/listinfo/en-nut-discussion
> 
> 
> End of En-Nut-Discussion Digest, Vol 183, Issue 1
> *************************************************


More information about the En-Nut-Discussion mailing list