You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nuttx.apache.org by GitBox <gi...@apache.org> on 2020/12/08 13:53:42 UTC
[GitHub] [incubator-nuttx] philip-n opened a new issue #2496: Amnesia:33 vulnerability in uIP-based network-stack
philip-n opened a new issue #2496:
URL: https://github.com/apache/incubator-nuttx/issues/2496
On December 8th 2020, there's been widespread reporting about a family of vulnerabilities in the network stacks of various embedded OS, called "AMNESIA:33".
The [original report](https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/) lists a number of vulnerabilities in uIP (page 10) and states that
> The NuttX RTOS started by importing uIP, but then evolved its code independently. We could verify that at least one vulnerability still applies to NuttX.
They mention https://github.com/apache/incubator-nuttx/blob/master/include/nuttx/net/ip.h as the according file.
---
Is the vulnerability known and is there already some work going on to fix this (e.g. based on an advance-warning by the report authors)?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-nuttx] btashton commented on issue #2496: Amnesia:33 vulnerability in uIP-based network-stack
Posted by GitBox <gi...@apache.org>.
btashton commented on issue #2496:
URL: https://github.com/apache/incubator-nuttx/issues/2496#issuecomment-741810718
@philip-n yes we worked with the authors and will be sending out an announcement shortly. In the meantime you can find nuttx-10.0.1 and nuttx-9.1.1 tags that contain the fixes.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-nuttx] philip-n commented on issue #2496: Amnesia:33 vulnerability in uIP-based network-stack
Posted by GitBox <gi...@apache.org>.
philip-n commented on issue #2496:
URL: https://github.com/apache/incubator-nuttx/issues/2496#issuecomment-741833905
Thanks for the quick answer, it's great that this has already been resolved.
Thanks to everybody for their efforts, on this particular bug as well as in general!
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-nuttx] philip-n closed issue #2496: Amnesia:33 vulnerability in uIP-based network-stack
Posted by GitBox <gi...@apache.org>.
philip-n closed issue #2496:
URL: https://github.com/apache/incubator-nuttx/issues/2496
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org