ASA-2019-00505 – Wind River VxWorks: IGMP Information leak via IGMPv3 specific membership report


Allele Security Alert

ASA-2019-00505

Identifier(s)

ASA-2019-00505, CVE-2019-12265, V7NET-2428

Title

IGMP Information leak via IGMPv3 specific membership report

Vendor(s)

Wind River

Product(s)

Wind River VxWorks

Affected version(s)

Wind River VxWorks 6 version 6.6
Wind River VxWorks 6 version 6.7
Wind River VxWorks 6 version 6.8
Wind River VxWorks 6 version 6.9
Wind River VxWorks 7

Fixed version(s)

Unknown

Proof of concept

Unknown

Description

An attacker can create a specially crafted and fragmented IGMPv3 query report, which may result in the victim transmitting undefined buffer content.

The IGMPv3 reception handler does not expect packets to be spread across multiple IP fragments. A prerequisite for exploiting this vulnerability is that the victim system has at least one IPv4 multicast address assigned. That prerequisite is almost always fulfilled, as all multicast-capable hosts are required to listen to the all-multicast-hosts address, 224.0.0.1. Attacks against link-local multicast addresses, such as 224.0.0.1, allow an attacker on the LAN to make the victim system transmit data to the network that has not been properly set. Specifically, the transmitted data might be information from packets previously received or sent by the network stack.
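
One way to spot the condition described above on a monitored link, as an added example that is not part of the original alert or the vendor's material: flag IPv4 packets that carry IGMP (protocol 2) and are fragments of a larger datagram. The function names, the sample packets and the 192.0.2.10 source address are constructed for illustration, and the check assumes IGMP is not normally fragmented on the network being watched.

```python
import struct

IPPROTO_IGMP = 2      # IANA protocol number for IGMP
MF_FLAG = 0x2000      # "more fragments" bit in the flags/fragment-offset field
OFFSET_MASK = 0x1FFF  # 13-bit fragment offset, counted in 8-byte units
IPV4_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header layout

def parse_ipv4(packet: bytes):
    """Return selected IPv4 header fields, or None if the header is malformed."""
    if len(packet) < 20:
        return None
    ver_ihl, _, _, ident, flags_off, _, proto, _, src, dst = struct.unpack(
        IPV4_HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        return None
    return {"proto": proto, "id": ident,
            "mf": bool(flags_off & MF_FLAG),
            "offset": (flags_off & OFFSET_MASK) * 8,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst))}

def is_fragmented_igmp(packet: bytes) -> bool:
    """True for an IPv4 packet carrying IGMP that is any fragment of a datagram."""
    h = parse_ipv4(packet)
    return h is not None and h["proto"] == IPPROTO_IGMP and (
        h["mf"] or h["offset"] > 0)

def sample(proto: int, flags_off: int) -> bytes:
    """Constructed test packet: header fields only, zeroed checksum and payload."""
    payload = bytes(8)
    return struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), 0x1234, flags_off,
                       1, proto, 0, bytes([192, 0, 2, 10]),
                       bytes([224, 0, 0, 1])) + payload

# Constructed samples (not captured traffic): name -> raw IPv4 packet
SAMPLES = {
    "igmp_unfragmented": sample(IPPROTO_IGMP, 0x0000),
    "igmp_df_set": sample(IPPROTO_IGMP, 0x4000),       # "don't fragment" only
    "igmp_first_fragment": sample(IPPROTO_IGMP, MF_FLAG),
    "igmp_later_fragment": sample(IPPROTO_IGMP, 0x0001),  # offset 8, MF clear
    "udp_fragment": sample(17, MF_FLAG),               # fragmented, but not IGMP
}

def scan(samples: dict) -> list:
    """Names of the packets that should raise an alert."""
    return [name for name, pkt in samples.items() if is_fragmented_igmp(pkt)]
```

Both the first fragment (MF set, offset 0) and later fragments (offset above 0) are flagged, since a sensor may see only part of the fragment train.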

Technical details

Unknown

Credits

Ben Seri (Armis Labs)

Reference(s)

SECURITY ADVISORY: WIND RIVER TCP/IP STACK (IPNET) VULNERABILITIES
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/security-advisory-ipnet/security-advisory-ipnet.pdf

SECURITY VULNERABILITY RESPONSE INFORMATION – TCP/IP Network Stack (IPnet, Urgent/11)
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/

CVE: CVE-2019-12265 - Wind River Support Network
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12265

URGENT/11 Information from the Research Team – Armis Labs
https://armis.com/urgent11/

Critical vulnerabilities to remotely compromise VxWorks, the most popular RTOS
https://go.armis.com/hubfs/White-papers/Urgent11%20Technical%20White%20Paper.pdf

Critical Zero Days Remotely Compromise the Most Popular Real-Time OS
https://i.blackhat.com/USA-19/Thursday/us-19-Seri-Critical-Zero-Days-Remotely-Compromise-The-Most-Popular-Real-Time-OS.pdf

CVE-2019-12265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12265

CVE-2019-12265
https://nvd.nist.gov/vuln/detail/CVE-2019-12265

Last modified: October 10, 2019