Message-ID: <CANO=Ty0qqSYWXQ2SfZuq8BOZ2rhGvg5mGxD2pB38HVvp1vvrwg@mail.gmail.com>
Date: Tue, 23 Aug 2016 08:21:25 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security <oss-security@...ts.openwall.com>
Cc: Marcus Meissner <meissner@...e.de>, Adam Maris <amaris@...hat.com>, Greg KH <greg@...ah.com>, 
	CVE ID Requests <cve-assign@...re.org>, security@...nel.org
Subject: Re: Re: CVE Request: Linux kernel crash of OHCI when
 plugging in malicious USB devices

On Mon, Aug 22, 2016 at 11:38 PM, Willy Tarreau <w@....eu> wrote:
>
> I'd classify it differently: something where a bug allows someone
> unauthorized to do something he couldn't do differently needs a CVE.
> That includes memory corruption, code execution, privilege increases,
> local DoS/panic/oops by just executing an exploit, etc. Here we're
> speaking about someone plugging some hardware into an open port which
> immediately takes the whole system down. Sure, the faulty code makes
> this possible. But the hardware is purposely designed for this. I can
> also design some hardware which takes the system down and possibly even
> fries it without involving the code at all. So once this device is
> built, if we assign a CVE, nobody will fix it and it will not even
> apply to any specific OS. Oh, after just one Google request I found
> that I was not the first one to think about it, it already exists:
>
>    http://arstechnica.com/security/2015/10/usb-killer-flash-drive-can-fry-your-computers-innards-in-seconds/
>

Ah, but defending against this sort of physical attack is actually quite
easy: use a USB hub, or for higher assurance use a wireless USB hub. TBH
I'm not sure what the difference is between, say, the above USB killer and a
small taser or a small squirt bottle of saline solution.

In general I should be able to plug USB devices into a computer without the
computer succumbing to software-based attacks (Stuxnet anyone?).

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@...hat.com
