[En-Nut-Discussion] En-Nut-Discussion Digest, Vol 183, Issue 1
Mingshu Wang
mwang at ccontrols.com
Thu Oct 15 02:09:55 CEST 2020
Uwe,
Thank you for your answer. I will find out more about the CVEs.
Mingshu
> On Oct 14, 2020, at 5:00 AM, en-nut-discussion-request at egnite.de wrote:
>
> Send En-Nut-Discussion mailing list submissions to
> en-nut-discussion at egnite.de
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.egnite.de/mailman/listinfo/en-nut-discussion
> or, via email, send a message with subject or body 'help' to
> en-nut-discussion-request at egnite.de
>
> You can reach the person managing the list at
> en-nut-discussion-owner at egnite.de
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of En-Nut-Discussion digest..."
>
>
> Today's Topics:
>
> 1. Nut/OS TCP/IP Security Issue (Mingshu Wang)
> 2. Re: Nut/OS TCP/IP Security Issue (Uwe Bonnes)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 13 Oct 2020 18:41:12 +0000
> From: Mingshu Wang <mwang at ccontrols.com>
> To: "en-nut-discussion at egnite.de" <en-nut-discussion at egnite.de>
> Subject: [En-Nut-Discussion] Nut/OS TCP/IP Security Issue
> Message-ID:
> <CH2PR18MB32542C3D91F572B070EA52EBB0040 at CH2PR18MB3254.namprd18.prod.outlook.com>
>
> Content-Type: text/plain; charset="iso-8859-1"
>
> We have a product developed with Nut/OS 4.8.7 long time ago. We got a customer complaint recently about the TCP/IP stack security issue.
>
>
> Below is the message from the customer.
>
>
>
> Here is the CVE numbers that the alert fell under:
>
> CVE-2020-11896/CVE-2020-11898
>
> The vulnerability scanner used was Tenable.SC.
>
>
> Did anyone see this issue before? Will the new Nut/OS take care of this problem?
>
>
> Thanks,
>
> Mingshu
>
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 14 Oct 2020 11:02:20 +0200
> From: Uwe Bonnes <bon at elektron.ikp.physik.tu-darmstadt.de>
> To: "Ethernut User Chat \(English\)" <en-nut-discussion at egnite.de>
> Subject: Re: [En-Nut-Discussion] Nut/OS TCP/IP Security Issue
> Message-ID: <24454.48796.602572.845278 at gargle.gargle.HOWL>
> Content-Type: text/plain; charset=us-ascii
>
> Mingshu Wang writes:
>> We have a product developed with Nut/OS 4.8.7 long time ago. We got a customer complaint recently about the TCP/IP stack security issue.
>>
>>
>> Below is the message from the customer.
>>
>>
>>
>> Here is the CVE numbers that the alert fell under:
>>
>> CVE-2020-11896/CVE-2020-11898
>>
>> The vulnerability scanner used was Tenable.SC.
>>
>>
>> Did anyone see this issue before?
>> Will the new Nut/OS take care of this problem?
>>
> Hello,
>
> I do very few work around ethernet, but patches by others did touch
> that area. I do not know if that changes above CVEs.
>
> Best thing is you care yourself:
> - Test if you can get that scanner and reproduce the vulnerability
> - Compile your application against head and recheck for that
> vulnerability
> - If it still exists:
> -- assess if the vulnerabilities may be harmfull for your IOT device
> -- put some work into understanding the vulnerability and eventually
> fix it.
>
> If you have problems with recompiing against SVN head, let me know and
> I will try to help.
>
> Regards
>
> --
> Uwe Bonnes bon at elektron.ikp.physik.tu-darmstadt.de
>
> Institut fuer Kernphysik Schlossgartenstrasse 9 64289 Darmstadt
> --------- Tel. 06151 1623569 ------- Fax. 06151 1623305 ---------
>
>
> ------------------------------
>
> _______________________________________________
> http://lists.egnite.de/mailman/listinfo/en-nut-discussion
>
>
> End of En-Nut-Discussion Digest, Vol 183, Issue 1
> *************************************************
More information about the En-Nut-Discussion
mailing list