Backdoor found in the operating system Curiosity rover

Conocimiento pertenece al mundo
Tweet about this on TwitterShare on FacebookShare on LinkedInShare on Google+Share on StumbleUponShare on TumblrShare on RedditPin on PinterestEmail this to someone

Corrections VxWorks from Wind River, which runs a large number of applications from the Earth to the rover Curiosity be made.

Canadian security researcher Yannick Formaggio detailed VxWorks significant failure, the real-time operating system (RTOS) by  Wind River, which is  a subsidiary of Intel.

Speaking at the  famous  event  last week 44CON, Formaggio detailing how a problem in integer overflow allows remote execution of code in the operating system. Formaggio discovered the flaw after performing fuzzing the operating system to better explain to a client operation. That effort led the investigator to testify that Wind River usually does a good job security, but had not thought about what might happen when a credential is set to a negative value.

Backdoor found in the operating system Curiosity rover

Once Formaggio was working with this trick, he discovered that he could win and perform bypass (evación) in all memory protections and set up an account as a backdoor. This is exactly what should not be possible in the type of devices that require an RTOS, as most expected to be extraordinarily reliable and safe for them to go ahead with the operation works as industrial equipment, aircraft and in this case The Curiosity rover that Wind River has proudly as a client .

Formaggio also found in the operating system that “the FTP server is susceptible to buffer overflow ring when accessed at high speed” and locked when they send a “user name and password corresponding to specific needs”.

6.9.4.1 versions 5.5 to have the problem, which means that millions of devices need patches. Wind River had recognized the error and is in the process of providing repairs. Formaggio urges users of the operating system to check the library of knowledge of Wind River for its time code solution.

The researcher also said that talk and detail its implementation fuzzing this page in the coming weeks, but will not reveal the exploit code “unless explicit prior authorization.”

Fuente:http://www.seguridad.unam.mx/

Conocimiento pertenece al mundo
Tweet about this on TwitterShare on FacebookShare on LinkedInShare on Google+Share on StumbleUponShare on TumblrShare on RedditPin on PinterestEmail this to someone