Wind River VxWorks Integer Overflow Vulnerability
Wind River VxWorks Integer Overflow Vulnerability
Release date:
Updated on:
Affected Systems:
Wind River Systems VxWorks 5.5-6.9.4.1
Description:
VxWorks is a real-time operating system widely used on ICS-related devices.
Wind River VxWorks 5.5-6.9.4.1 has the integer overflow vulnerability in implementation. After successful exploitation, attackers can remotely execute arbitrary code in the operating system to destroy or bypass all memory protection, configure a backdoor account. In addition, the FTP server in VxWorks also has the buffer overflow vulnerability. the user name and password created can cause a crash.
<* Source: Yannick Formaggio
*>
Suggestion:
Vendor patch:
Wind River Systems
------------------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.windriver.com/
This article permanently updates the link address: