VxWorks stack overflow EOP reported

Intel Product Security has a new security advisory for Wind River’s VxWorks:

Stack overflow vulnerability in Wind River VxWorks
Intel ID: INTEL-SA-00064
Product family: Wind River VxWorks
Impact of vulnerability: Elevation of Privilege
Severity rating: Critical
Original release: Nov 01, 2016

Wind River is releasing mitigations for a privilege escalation issue. This issue affects versions of Wind River VxWorks products. The issue being mitigated is a method to execute arbitrary code without user interactions. Anonymous remote attackers can cause a stack overflow, which can be used to obtain remote code execution on affected devices running vulnerable VxWorks versions without any user interactions. Intel strongly recommends customers using impacted versions of Wind River VxWorks to upgrade to the latest version listed in the table above.
Acknowledgements: Alex Wheeler, David Barksdale – Exodus Intelligence


VxWorks network vulnerability

VxWorks: Execute My Packets