The devil’s in the details

The NAME:WRECK report isn’t just one bug or one vulnerability, and all of them date back to last year except for one.

Fortunately, they are all patched (at least one has had an update out for nearly a year already) but together they constitute a worthwhile reminder that even in the modern age, programmers continue to make old-school coding mistakes.

The vulnerabilities that have been lumped together under the NAME:WRECK “brand” were found in three different operating systems.

Two were low-level operating systems, often known as RTOSes (short for real-time operating systems) dedicated to internet-of-things (IoT) devices, namely Nucleus NET from Siemens and NetX from Microsoft.

The third was FreeBSD, widely used as both a mainstream server operating system and as an operating system for embedded devices. (As the name suggests, FreeBSD is available for free, like Linux, but it uses a much more easy-going and liberal open source licence.)

Parsing errors and randomness problems