Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 23 Aug 2016 15:01:07 +0000
From: "Radzykewycz, T (Radzy)" <radzy@...driver.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
CC: Marcus Meissner <meissner@...e.de>, Adam Maris <amaris@...hat.com>,
        "Greg
 KH" <greg@...ah.com>, CVE ID Requests <cve-assign@...re.org>,
        "security@...nel.org" <security@...nel.org>
Subject: RE: [security-vendor] Re: Re: CVE Request: Linux
 kernel crash of OHCI when plugging in malicious USB devices


________________________________________
> From: Kurt Seifried [kseifried@...hat.com]
> Sent: Tuesday, August 23, 2016 7:21 AM
> To: oss-security
> Cc: Marcus Meissner; Adam Maris; Greg KH; CVE ID Requests; security@...nel.org
> Subject: [security-vendor] Re: [oss-security] Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices
> 
> On Mon, Aug 22, 2016 at 11:38 PM, Willy Tarreau <w@....eu> wrote:
> >
> > I'd classify it differently : something where a bug allows someone
> > unauthorized to do something he couldn't do differently needs a CVE.
> > That includes memory corruption, code execution, privilege increases,
> > local DoS/panic/oops by just executing an exploit, etc. Here we're
> > speaking about someone plugging some hardware into an open port which
> > immediately takes the whole system down. Sure, the faulty code makes
> > this possible. But the hardware is purposely designed for this. I can
> > also design some hardware which takes the system down and possibly even
> > fries it without involving the code at all. So once this device is
> > built, if we assign a CVE, nobody will fix it and it will not even
> > apply to any specific OS. Oh, after just one Google request I found
> > that I was not the first one to think about it, it already exists :
> >
> >    http://arstechnica.com/security/2015/10/usb-killer-
> > flash-drive-can-fry-your-computers-innards-in-seconds/
> >
> 
> Ah but defending against this sort of physical attack is actually quite
> easy, use a USB hub, or for higher assurance use a wireless USB hub. TBH
> I'm not sure what the difference is between say the above USB killer and a
> small taser or a small squirt bottle of saline solution.

If an attacker drops a bottle of saline solution on the floor
outside the target's office, it's unlikely to be plugged in to
the USB port.

Enjoy!

				-- radzy

> In general I should be able to plug USB devices into a computer without the
> computer succumbing to software based attacks (stuxnet anyone?).
> 
> --
> Kurt Seifried -- Red Hat -- Product Security -- Cloud
> PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
> Red Hat Product Security contact: secalert@...hat.com

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ