Date: Tue, 23 Aug 2016 15:01:07 +0000
From: "Radzykewycz, T (Radzy)" <radzy@...driver.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
CC: Marcus Meissner <meissner@...e.de>, Adam Maris <amaris@...hat.com>,
        "Greg KH" <greg@...ah.com>, CVE ID Requests <cve-assign@...re.org>,
        "security@...nel.org" <security@...nel.org>
Subject: RE: [security-vendor] Re: Re: CVE Request: Linux
 kernel crash of OHCI when plugging in malicious USB devices


________________________________________
> From: Kurt Seifried [kseifried@...hat.com]
> Sent: Tuesday, August 23, 2016 7:21 AM
> To: oss-security
> Cc: Marcus Meissner; Adam Maris; Greg KH; CVE ID Requests; security@...nel.org
> Subject: [security-vendor] Re: [oss-security] Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices
> 
> On Mon, Aug 22, 2016 at 11:38 PM, Willy Tarreau <w@....eu> wrote:
> >
> > I'd classify it differently : something where a bug allows someone
> > unauthorized to do something he couldn't do differently needs a CVE.
> > That includes memory corruption, code execution, privilege increases,
> > local DoS/panic/oops by just executing an exploit, etc. Here we're
> > speaking about someone plugging some hardware into an open port which
> > immediately takes the whole system down. Sure, the faulty code makes
> > this possible. But the hardware is purposely designed for this. I can
> > also design some hardware which takes the system down and possibly even
> > fries it without involving the code at all. So once this device is
> > built, if we assign a CVE, nobody will fix it and it will not even
> > apply to any specific OS. Oh, after just one Google request I found
> > that I was not the first one to think about it, it already exists :
> >
> >    http://arstechnica.com/security/2015/10/usb-killer-flash-drive-can-fry-your-computers-innards-in-seconds/
> >
> 
> Ah but defending against this sort of physical attack is actually quite
> easy, use a USB hub, or for higher assurance use a wireless USB hub. TBH
> I'm not sure what the difference is between say the above USB killer and a
> small taser or a small squirt bottle of saline solution.

If an attacker drops a bottle of saline solution on the floor
outside the target's office, it's unlikely to be plugged in to
the USB port.

Enjoy!

				-- radzy

> In general I should be able to plug USB devices into a computer without the
> computer succumbing to software based attacks (stuxnet anyone?).
> 
> --
> Kurt Seifried -- Red Hat -- Product Security -- Cloud
> PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
> Red Hat Product Security contact: secalert@...hat.com
