Security researchers have uncovered nine vulnerabilities affecting four TCP/IP stacks impacting more than 100 million consumer and enterprise devices that could be exploited by an attacker to take control of a vulnerable system.
Dubbed “NAME:WRECK” by Forescout and JSOF, the flaws are the latest in series of studies undertaken as part of an initiative called Project Memoria to study the security of widely-used TCP/IP stacks that are incorporated by various vendors in their firmware to offer internet and network connectivity features.
“These vulnerabilities relate to Domain Name System (DNS) implementations, causing either Denial of Service (DoS) or Remote Code Execution (RCE), allowing attackers to take target devices offline or to take control over them,” the researchers said.
The name comes from the fact that parsing of domain names can break (i.e., “wreck”) DNS implementations in TCP/IP stacks, adding to a recent uptick in vulnerabilities such as SigRed, SAD DNS, and DNSpooq that leverage the “phonebook of the internet” as an attack vector.
They also mark the fifth time security weaknesses have been identified in the protocol stacks that underpin millions of…