News: Multiple DNS Vulnerabilities affecting over 100 million devices
Security researchers have discovered multiple Domain Name System (DNS) implementation vulnerabilities in four popular TCP/IP network stacks.
Dubbed NAME:WRECK, they affect over 100 million devices running the FreeBSD, IPnet, NetX and Nucleus NET stacks. Vulnerable devices could be subjected to either denial-of-service (DoS) or remote code execution (RCE) attacks.
The following stacks are affected:
FreeBSD version 12.1
Nucleus NET version 4.3
NetX version 6.0.1
IPnet version VxWorks 6.6
Security patches for FreeBSD, Nucleus NET and NetX have been released. Administrators of the affected stacks are advised to apply the patches immediately. Where a patch is not available (i.e. IPnet), administrators are advised to implement the following mitigation measures:
Enforce segmentation controls and proper network hygiene, such as restricting external communication paths and isolating or containing vulnerable devices in zones, as a mitigating control for devices that cannot be patched or until they can be patched
Monitor for patches progressively released by affected device vendors
Configure devices to rely on internal DNS servers
Monitor all network traffic for malicious packets
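One way to check that the segmentation and internal-DNS measures above are holding is to audit flow records for DNS traffic leaving the vulnerable zones toward anything other than an internal resolver. This is an added example, not code from the researchers or the original advisory; the resolver addresses, zone ranges, flow-record format and sample records are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed values: internal resolvers and the zones holding unpatched devices.
INTERNAL_RESOLVERS = {ipaddress.ip_address("10.0.0.53"), ipaddress.ip_address("10.0.1.53")}
VULNERABLE_ZONES = [ipaddress.ip_network("10.20.0.0/24"), ipaddress.ip_network("10.30.5.0/28")]

# Constructed sample flow records: "timestamp src_ip dst_ip protocol dst_port"
SAMPLE_FLOWS = """\
2021-04-14T08:00:01Z 10.20.0.17 10.0.0.53 udp 53
2021-04-14T08:00:02Z 10.20.0.17 198.51.100.8 udp 53
2021-04-14T08:00:03Z 10.30.5.4 192.0.2.10 tcp 53
2021-04-14T08:00:04Z 10.40.0.9 198.51.100.8 udp 53
2021-04-14T08:00:05Z 10.30.5.4 10.0.1.53 udp 53
2021-04-14T08:00:06Z 10.20.0.99 203.0.113.7 tcp 443
malformed line
"""

def parse_flow(line):
    """Return (ts, src, dst, proto, port), or None if the line does not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, proto, port = parts
    try:
        return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), proto.lower(), int(port)
    except ValueError:
        return None

def external_dns_flows(text):
    """List DNS flows from vulnerable zones to anything but an internal resolver."""
    findings = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # skip records that cannot be parsed
        ts, src, dst, proto, port = flow
        if port != 53 or proto not in ("udp", "tcp"):
            continue  # not DNS over its standard port
        if not any(src in zone for zone in VULNERABLE_ZONES):
            continue  # source is outside the zones being audited
        if dst not in INTERNAL_RESOLVERS:
            findings.append((ts, str(src), str(dst), proto))
    return findings

if __name__ == "__main__":
    for ts, src, dst, proto in external_dns_flows(SAMPLE_FLOWS):
        print(f"{ts} {src} -> {dst} ({proto}/53): DNS bypassing internal resolvers")
```

Any finding means a device in a vulnerable zone can still reach a DNS server outside the internal resolvers, so the segmentation rule or the device's DNS configuration needs review.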
Researchers have released related open-source tools:
A script to identify possibly vulnerable devices: https://github.com/Forescout/project-memoria-detector
A library of queries to partially automate the finding of DNS-related vulnerabilities: https://github.com/Forescout/namewreck
More information is available here:
https://www.forescout.com/research-labs/namewreck/
https://www.forescout.com/company/resources/namewreck-breaking-and-fixing-dns-implementations/
https://www.bleepingcomputer.com/news/security/name-wreck-dns-vulnerabilities-affect-over-100-million-devices/