Wind River Systems, Inc. Information for VU#362332

Wind River Systems VxWorks debug service enabled by default

Status

Affected

Vendor Statement

Wind River has analyzed VU#362332, and determined that all versions of VxWorks could be vulnerable if the WDB agent is left enabled in production systems and the system is network attached. VxWorks has a very strong track record of offering secure products and Wind River is committed to active threat monitoring, rapid assessment, threat prioritization, expedited remediation, response and proactive customer contact. Customers are encouraged to follow the remediation actions outlined in the SOLUTION section of the vulnerability post.

Registered users can access Wind River's online support for more information by following this link:
https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033708

Or contact Wind River technical support for more information:
http://windriver.com/support/

Vendor Information

Within the VxWorks Kernel programmers guide it states:
“For production systems, you will want to reconfigure VxWorks with only those components needed for deployed operation, and to build it as the appropriate type of system image. You will likely want to remove components required for host development support, such as the WDB target agent and debugging components (INCLUDE_WDB and INCLUDE_DEBUG), as well as to remove any other operating system components not required to support your application. Other considerations may include reducing the memory requirements of the system, speeding up boot time, and security issues.”

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.