Allele Security Alert
ASA-2019-00498
Identifier(s)
ASA-2019-00498, CVE-2019-12258, V7NET-2426
Title
Denial of Service (DoS) of TCP connection via malformed TCP options
Vendor(s)
Wind River
Product(s)
Wind River VxWorks
Affected version(s)
Wind River VxWorks 6 version 6.6
Wind River VxWorks 6 version 6.7
Wind River VxWorks 6 version 6.8
Wind River VxWorks 6 versions 6.9.x before 6.9.4.12
Wind River VxWorks 7 versions 2.x.x.x before 2.1.0.0
Wind River VxWorks 7 versions 1.x.x.x before 1.4.3.1
Fixed version(s)
Wind River VxWorks 6 version 6.9.4.12
Wind River VxWorks 7 version 2.1.0.0
Wind River VxWorks 7 version 1.4.3.1
Proof of concept
Unknown
Description
A specially crafted packet containing illegal TCP-options can result in the victim not just dropping the TCP-segment but also drop the TCP-session.
This vulnerability affects established TCP sessions. An attacker who can figure out the source and destination TCP port and IP addresses of a session can inject invalid TCP segments into the flow, causing the TCP session to be reset. An application will see this as an ECONNRESET error message when using the socket after such an attack. The most likely outcome is a crash of the application reading from the affected socket.
Technical details
Unknown
Credits
Ben Seri (Armis)
Reference(s)
SECURITY ADVISORY: WIND RIVER TCP/IP STACK (IPNET) VULNERABILITIES
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/security-advisory-ipnet/security-advisory-ipnet.pdf
SECURITY VULNERABILITY RESPONSE INFORMATION – TCP/IP Network Stack (IPnet, Urgent/11)
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12258
URGENT/11 Information from the Research Team – Armis Labs
https://armis.com/urgent11/
Critical vulnerabilities to remotely compromise VxWorks, the most popular RTOS
https://go.armis.com/hubfs/White-papers/Urgent11%20Technical%20White%20Paper.pdf
Critical Zero Days Remotely Compromise the Most Popular Real-Time OS
https://i.blackhat.com/USA-19/Thursday/us-19-Seri-Critical-Zero-Days-Remotely-Compromise-The-Most-Popular-Real-Time-OS.pdf
CVE-2019-12258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12258
CVE-2019-12258
https://nvd.nist.gov/vuln/detail/CVE-2019-12258
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: August 12, 2019