Allele Security Alert
ASA-2019-00499
Identifier(s)
ASA-2019-00499, CVE-2019-12259, V7NET-2428
Title
DoS via NULL dereference in IGMP parsing
Vendor(s)
Wind River
Product(s)
Wind River VxWorks
Affected version(s)
Wind River VxWorks 6 version 6.6
Wind River VxWorks 6 version 6.7
Wind River VxWorks 6 version 6.8
Wind River VxWorks 6 versions 6.9.x.x before 6.9.4.12
Wind River VxWorks 7 versions 2.x.x.x before 2.1.0.0
Wind River VxWorks 7 versions 1.x.x.x before 1.4.3.1
Fixed version(s)
Wind River VxWorks 6 version 6.9.4.12
Wind River VxWorks 7 version 2.1.0.0
Wind River VxWorks 7 version 1.4.3.1
Proof of concept
Unknown
Description
This vulnerability require that the TCP/IP-stack is assigned a multicast address the API intended for assigning unicast addresses or something with the same logical flaw is a prerequisite.
This vulnerability requires that at least one IPv4 multicast address has been assigned to the target in an incorrect way, i.e., using the API intended for assigning unicast addresses. It is not possible to exploit for multicast addresses added with the proper API, i.e., setsockopt(). An attacker may use ASA-2019-00504 to incorrectly assign a multicast IP address. An attacker on the same LAN as the victim system may use this vulnerability to cause a NULL pointer dereference, which most likely will crash the tNet0 task.
Technical details
Unknown
Credits
Ben Seri (Armis Labs)
Reference(s)
SECURITY ADVISORY: WIND RIVER TCP/IP STACK (IPNET) VULNERABILITIES
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/security-advisory-ipnet/security-advisory-ipnet.pdf
SECURITY VULNERABILITY RESPONSE INFORMATION – TCP/IP Network Stack (IPnet, Urgent/11)
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12259
URGENT/11 Information from the Research Team – Armis Labs
https://armis.com/urgent11/
Critical vulnerabilities to remotely compromise VxWorks, the most popular RTOS
https://go.armis.com/hubfs/White-papers/Urgent11%20Technical%20White%20Paper.pdf
Critical Zero Days Remotely Compromise the Most Popular Real-Time OS
https://i.blackhat.com/USA-19/Thursday/us-19-Seri-Critical-Zero-Days-Remotely-Compromise-The-Most-Popular-Real-Time-OS.pdf
ASA-2019-00504 – Wind River VxWorks: Logical flaw in IPv4 assignment by the ipdhcpc DHCP client
https://allelesecurity.com/asa-2019-00504/
CVE-2019-12259
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12259
CVE-2019-12259
https://nvd.nist.gov/vuln/detail/CVE-2019-12259
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: August 15, 2019