CVE-2015-7599

Name of the Vulnerable Software and Affected Versions Wind River VxWorks versions 5.5 through 6.9.4.1

Description The issue is related to an integer overflow in the authenticate function, which can be triggered when the Remote Procedure Call (RPC) protocol is enabled. This can allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by providing a username and password.

Recommendations For Wind River VxWorks versions 5.5 through 6.9.4.1, consider disabling the RPC protocol until a patch is available. As a temporary workaround, restrict access to the authenticate function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.