How the NAME:WRECK Bugs Impact Consumers, Businesses

[silversurfer]

Researchers estimate more than 100 million internet-connected devices are vulnerable to a class of flaws dubbed NAME:WRECK.
 
Devices ranging from smartphones, aircraft navigation systems and industrial internet of things (IIoT) endpoints are vulnerable to either a denial-of-service (DoS) or remote code-execution (RCE) attack, according to a joint report by Forescout Research Labs and JSOF Research Labs. Patches are available for some affected vendors.
 
Nine vulnerabilities were identified within the implementation of the Domain Name System (DNS) protocol used by TCP/IP network communication stacks. These two technologies are used in tandem to uniquely identifying devices connected to the internet and facilitate digital communications between them. The most serious of the flaws are rated critical in severity.

“The widespread deployment and often external exposure of vulnerable DNS clients leads to a dramatically increased attack surface,” researchers wrote in a report released Tuesday (PDF). “[W]e can estimate that at least 100 million devices are impacted by NAME:WRECK.”

Under the auspices of the research collective known as Project Memoria, NAME:WRECK is the fifth set of vulnerabilities impacting TCP/IP libraries that have been disclosed over the past three years. Those that have come before are URGENT/11, Ripple20, Amnesia:33 and NUMBER:JACK (also discovered by Project Memoria and Forescout).

Read more: How the NAME:WRECK Bugs Impact Consumers, Businesses | Threatpost