VxWorks stack overflow EOP reported

Intel Product Security has a new security advisory for Wind River’s VxWorks:

Stack overflow vulnerability in Wind River VxWorks
Intel ID:      INTEL-SA-00064
Product family:      Wind River VxWorks
Impact of vulnerability:      Elevation of Privilege
Severity rating:      Critical
Original release:      Nov 01, 2016

WindRiver is releasing mitigations for a privilege escalation issue. This issue affects versions of Wind River VxWorks products. The issue being mitigated is a method to execute arbitrary code without user interactions. Anonymous remote attackers can cause a stack overflow, which can be used to obtain remote code execution on affected devices running vulnerable VxWorks versions without any user interactions. Intel strongly recommends customers using impacted versions of WindRiver VxWorks to upgrade to the latest version listed in the table above.
Acknowledgements: Alex Wheeler, David Barksdale – Exodus Intelligence

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s