Date: Tue, 23 Aug 2016 08:21:25 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security <oss-security@...ts.openwall.com>
Cc: Marcus Meissner <meissner@...e.de>, Adam Maris <amaris@...hat.com>, Greg KH <greg@...ah.com>, 
	CVE ID Requests <cve-assign@...re.org>, security@...nel.org
Subject: Re: Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices

On Mon, Aug 22, 2016 at 11:38 PM, Willy Tarreau <w@....eu> wrote:
>
> I'd classify it differently: something where a bug allows someone
> unauthorized to do something he couldn't do differently needs a CVE.
> That includes memory corruption, code execution, privilege increases,
> local DoS/panic/oops by just executing an exploit, etc. Here we're
> speaking about someone plugging some hardware into an open port which
> immediately takes the whole system down. Sure, the faulty code makes
> this possible. But the hardware is purposely designed for this. I can
> also design some hardware which takes the system down and possibly even
> fries it without involving the code at all. So once this device is
> built, if we assign a CVE, nobody will fix it and it will not even
> apply to any specific OS. Oh, after just one Google request I found
> that I was not the first one to think about it, it already exists:
>
>    http://arstechnica.com/security/2015/10/usb-killer-flash-drive-can-fry-your-computers-innards-in-seconds/
>

Ah, but defending against this sort of physical attack is actually quite
easy: use a USB hub, or for higher assurance use a wireless USB hub. TBH
I'm not sure what the difference is between, say, the above USB killer and a
small taser or a small squirt bottle of saline solution.

In general I should be able to plug USB devices into a computer without the
computer succumbing to software-based attacks (Stuxnet anyone?).

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@...hat.com
