"Name:Wreck" vulnerability affects FreeBSD- TCP/IP Stack

[DutchDaemon]

Forescout and JSOF Disclose New DNS Vulnerabilities, Impacting Millions of Enterprise and Consumer Devices

Today, Forescout Research Labs, partnering with JSOF Research, disclose NAME:WRECK, a set of nine vulnerabilities affecting four popular TCP/IP stacks (FreeBSD, Nucleus NET, IPnet and NetX). These vulnerabilities relate to Domain Name System (DNS) implementations, causing either Denial of...

securityboulevard.com

 

[DutchDaemon]

Millions of devices at risk from NAME:WRECK DNS bugs | Computer Weekly

Newly disclosed set of nine DNS vulnerabilities puts over 100 million consumer, enterprise and industrial IoT devices at risk.

www.computerweekly.com

 

[DutchDaemon]

NAME:WRECK vulnerabilities could impact 100 million servers, IoT devices

Patches and mitigations available.

www.itnews.com.au

 

[DutchDaemon]

Name:Wreck Bugs Could Impact 100M IoT Devices

Name:Wreck Bugs Could Impact 100M IoT Devices. Exploitation could deny service or enable remote code execution

www.infosecurity-magazine.com

 

[DutchDaemon]

https://www.forescout.com/company/resources/namewreck-breaking-and-fixing-dns-implementations

 

[DutchDaemon]

Note:

The paper's referencing a bug that's already fixed in all supported
versions of FreeBSD. A lot of hand waving just for "nothing to see
here, move along" if your systems are up-to-date.

The commit that fixed the vulnerability is
8f594d4355a16f963e246be0b88b9fba8ad77049, made on 31 Aug 2020. That's
over a half a year ago.

Thanks,

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD