This article is more than 1 year old

Wind River VxWorks patches some TCP sequence spoofing bugs

1995 called, wants its vulnerability back

Intel-owned embedded software outfit Wind River has been caught with an embarrassing bug in its VxWorks OS.

According to the ICS-Cert advisory, the bug's only been identified in kit from Schneider Electric at this stage. It relates to how various VxWorks versions handle their TCP flows.

Discovered by a bunch of researchers from NEETRAC at Georgia Tech, the vulnerability affects VxWorks Version 7 older than February 13, 2015; version 6.9 releases lower than 6.9.4.4, version 6.8 releases lower than 6.8.3, version 6.7 releases lower than 6.7.1.1, and most releases prior to version 6.6.

What's embarrassing is that the vulnerability permits one of the oldest-known attacks on the Internet: a TCP spoofing attack.

As various RFCs note (here's one from 2007, for example), TCP has always been susceptible to being sent packets with faked source addresses, because endpoints tend to trust the packets they receive.

During the 1990s, most operating systems got TCP stacks that randomised initial TCP sequence numbers to get around spoofing; not doing so is the mistake that Wind River has made.

“The VxWorks software generates predictable TCP initial sequence numbers,” the advisory says, “that may allow an attacker to predict the TCP initial sequence numbers from previous values”.
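As an added illustration (not from the advisory, Wind River or the original article), here is a small check a defender could run over initial sequence numbers recorded from their own device's SYN-ACKs, to see whether each value follows from the previous ones. The function names, the tolerance of 1024 and all sample values are constructed assumptions.

```python
import hashlib
from itertools import accumulate

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def isn_deltas(isns):
    """Differences between consecutive ISNs, modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def predictable_fraction(isns, tolerance=1024):
    """Share of ISNs that 'previous ISN + previous delta' guesses to within tolerance."""
    deltas = isn_deltas(isns)
    if len(deltas) < 2:
        raise ValueError("need at least three ISN samples")
    hits = 0
    for prev_delta, prev_isn, actual in zip(deltas, isns[1:], isns[2:]):
        guess = (prev_isn + prev_delta) % MOD
        # Distance between guess and actual value, measured around the wrap.
        error = min((actual - guess) % MOD, (guess - actual) % MOD)
        hits += error <= tolerance
    return hits / (len(deltas) - 1)


def assess(isns, threshold=0.5):
    """Return (verdict, fraction of ISNs guessed from prior values)."""
    frac = predictable_fraction(isns)
    verdict = "PREDICTABLE" if frac >= threshold else "no linear pattern found"
    return verdict, frac


# Constructed samples (not captured from any real product).
# 1. Fixed increment per connection, chosen to wrap past 2**32.
COUNTER = [(4294900000 + 64000 * i) % MOD for i in range(8)]
# 2. Clock-driven increment with small jitter between connections.
JITTER = [x % MOD for x in accumulate(
    [1000, 128120, 127750, 128300, 127910, 128010, 127700, 128210])]
# 3. Stand-in for a randomised stack: 32 bits of SHA-256 per connection.
HASHED = [int.from_bytes(hashlib.sha256(b"conn-%d" % i).digest()[:4], "big")
          for i in range(8)]

if __name__ == "__main__":
    for name, sample in (("counter", COUNTER), ("jitter", JITTER), ("hashed", HASHED)):
        verdict, frac = assess(sample)
        print(f"{name:8s} {verdict:24s} {frac:.0%} of ISNs guessed from prior values")
```

A clean result only rules out this one linear pattern; it is not proof that a stack's sequence numbers are unpredictable.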

As well as Schneider Electric, other as-yet-unnamed vendors use vulnerable kit, and ICS-Cert says it will update the list of affected products once vendors publish their patches.

While Wind River has patched the vuln for supported versions of its software, end-of-life versions will not be patched. Options are being discussed with OEMs, the advisory says. ®
