[bug #58724] Treck Ripple20 Issues in LWIP

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[bug #58724] Treck Ripple20 Issues in LWIP

Ashley Duncan
URL:
  <https://savannah.nongnu.org/bugs/?58724>

                 Summary: Treck Ripple20 Issues in LWIP
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: swaizi
            Submitted on: Tue 07 Jul 2020 01:44:18 PM MDT
                Category: None
                Priority: 5 - Normal
                Severity: 6 - Security
                  Status: None
             Assigned to: None
        Originator Email: [hidden email]
        Operating System: None
             Open/Closed: Open
         Discussion Lock: Any

    _______________________________________________________

Details:

Has it been explicitly tested that Ripple20 vulnerabilities inside the Treck
TCP / IP Stack are not exploitable inside LWIP V1 or V2 as well?




    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?58724>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel
Reply | Threaded
Open this post in threaded view
|

[bug #58724] Treck Ripple20 Issues in LWIP

Ashley Duncan
Update of bug #58724 (project lwip):

            lwIP version:                    None => Other                  

    _______________________________________________________

Follow-up Comment #2:

No, oh has not been tested. lwIP has complete different sources, so I'd be
surprised to find a match. Plus I just don't have the time at the moment to
check up the details of bugs in some other stack.

But if you have more details at hand, feel free to support us in checking if
these issues exist in lwIP.

    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?58724>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel
Reply | Threaded
Open this post in threaded view
|

[bug #58724] Treck Ripple20 Issues in LWIP

Ashley Duncan
Follow-up Comment #3, bug #58724 (project lwip):

> But if you have more details at hand, feel free to support us in checking if
these issues exist in lwIP.

Unfortunately I lack the technical background and implementation details
concerning the LwIP stack. I encountered some script that might reveal if your
product is affected by some / all of the Ripple20 vulnerabilities
(https://github.com/corelight/ripple20) but I'm not sure if that can be run as
easily on devices that don't run the Treck stack.

Well most of the 19 vulnerabilities had "improper handling of length parameter
- cwe id 130" and "improper input validation - cwe id 20" as their common cwe
(common weakness enumeration). The vulnerabilities with cwe id 130 seemed to
be the most severe ones (all of them having a security severity score above 9
according to CVSS which is defined as "likely to have a catastrophic adverse
effect on the organization or individuals associated with the organization
(e.g., employees, customers)." according to CVSS.

We'd have different possibilities here:

Reassure that LwIP does have a decent amount of test cases for those common
weaknesses (20 and 130 - input validation of length and input data).

Give a try to the Ripple20 script and try to run it on a LwIP V1 and V2 device
if possible.

    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?58724>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel
Reply | Threaded
Open this post in threaded view
|

[bug #58724] Treck Ripple20 Issues in LWIP

Ashley Duncan
Follow-up Comment #4, bug #58724 (project lwip):

> Give a try to the Ripple20 script and try to run it on a LwIP V1 and V2
device if possible.

Yes, you can do that if you want. Please share the results if you do.

Note that I *don't* expect for something to come out of this. I guess our fuzz
tests already have discovered many of these length check issues.

    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?58724>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel