Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20120108170725.GA25464@kroah.com>
Date: Sun, 8 Jan 2012 09:07:25 -0800
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Subject: Re: Malicious devices & vulnerabilties

On Sat, Jan 07, 2012 at 06:01:46PM -0500, Xi Wang wrote:
> Hi,
> 
> In general driver code trusts hardware devices and often doesn't
> validate the data they respond with.  But how about USB devices
> that an attacker could plug into a victim's computer?  For example,
> an attacker may craft a USB device with a long product name to cause
> a buffer overflow (CVE-2011-0712).
> 
> http://www.openwall.com/lists/oss-security/2011/02/16/5
> http://twitter.com/#!/mwrlabs/status/44814759396249600
> 
> Here is another possible bug in the USB audio format parser I tried
> to report upstream.
> 
> https://lkml.org/lkml/2012/1/4/215
> 
> I am wondering where to draw the line.  Should such device drivers
> be considered vulnerable or not?  Thanks.

They should be considered buggy, yes, and as such, the kernel developers
will fix any reported problems (or we should, if not, please let me
know.)

But note, as these almost always fall under the "you have physical
access" category, their security impact is generally considered low.

thanks,

greg k-h

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.