25 kern cve in 2021 alone
parent 8d101a6194
commit b26481c32f
47 doc/SEC.md
@ -1,4 +1,10 @@
|
|||
# Security
|
||||
aka, I'd rather be teaching an AI to categorize spectra, but since I
|
||||
can't do that, I'm sitting around doing this in the interim.
|
||||
|
||||
* https://spacecruft.org/spacecruft/pysalx/issues/1
|
||||
|
||||
|
||||
Quick evaluation is it is basically and older Android device, likely
|
||||
vulnerable to a wide range of older attacks. Has wifi, bluetooth,
|
||||
maybe even GSM...
|
||||
|
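Review bot: "basically and older Android device" should read "an older Android device", but the bigger gap is that the hunk asserts the device is "likely vulnerable to a wide range of older attacks" without recording what the evaluation rests on. Put the observed Android version and kernel version here (the CVE section later cites kernel `3.10.49`), and say which of wifi, bluetooth and GSM were actually confirmed; "maybe even GSM..." should be resolved one way or the other before it is counted as attack surface.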
@ -76,7 +82,7 @@ some as old as 2013.
|
|||
|
||||
* USB
|
||||
|
||||
# Attack Points
|
||||
# Hypothetical Scenarios
|
||||
Nature of attacks, once exploited.
|
||||
|
||||
The devices query remote servers on port `80` in cleartext. This can be
|
||||
|
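Review bot: replacing "# Attack Points" with "# Hypothetical Scenarios" leaves the interface list above it (wifi, bluetooth, USB) without the heading it was filed under; the scenarios that follow are a different topic from the entry points, so keep "# Attack Points" over the interface list and add "# Hypothetical Scenarios" as a new heading instead of swapping one for the other. "Nature of attacks, once exploited." is also a fragment; "What an attacker can do once the device is compromised." reads better. The cleartext port `80` query is the one concrete finding in this section and belongs under attack points, with the host or path queried if it is known.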
@ -87,6 +93,10 @@ say there's no gold when there is gold. Nefarious company could EPA's device
|
|||
when they come inspect contaminated land, and make the device's readings
|
||||
say everything is ok.
|
||||
|
||||
* Attacker sells bullion to vendor. Vendor tests with analyzer, which
|
||||
attacker has rooted. Grade of bullion is found to be pure, when fake.
|
||||
Vendor overpays for fake metal.
|
||||
|
||||
* Device can be a remote access point back into a corporate network.
|
||||
Since the device is taken into the field and back into corporate offices,
|
||||
it makes it an ideal vector to further penetrate networks. An employee
|
||||
|
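Review bot: the bullion scenario says the analyzer is one "which attacker has rooted" without saying how the attacker gets root on a device the vendor owns; state the precondition (physical access to the vendor's unit, or tampering with what the device fetches over the cleartext port `80` connections described above), otherwise the scenario presumes its own conclusion. The corporate-network bullet has the same gap: it ends with the device "phones home back to attackers", so name the channel (the wifi or GSM radios listed earlier), since the mitigation a defender would apply differs for each.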
@ -98,8 +108,43 @@ device then phones home back to attackers.
|
|||
* Safety features of the device can be overridden, causing it to emit
|
||||
xray or laser power beyond default limits.
|
||||
|
||||
|
||||
# Misc
|
||||
|
||||
* All devices have the same static IP hardcoded in binary.
|
||||
|
||||
|
||||
# CVE
|
||||
The system is running kernel `3.10.49` which has a vast list of known
|
||||
vulnerabilities.
|
||||
|
||||
|
||||
## Known Kernel Holes:
|
||||
The system uses Linux kernel `3.10.49`. This kernel was released
|
||||
July 17th, 2014. Release announcement:
|
||||
|
||||
* https://lwn.net/Articles/605933/
|
||||
|
||||
|
||||
There were 25 Kernel 3.10.49 vulnerabilities disclosed in 2021:
|
||||
|
||||
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4083
|
||||
|
||||
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23222
|
||||
|
||||
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46283
|
||||
|
||||
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28715
|
||||
|
||||
...
|
||||
|
||||
* This doozy is considered a top 25. Nice how it has a CVE from 2018,
|
||||
but disclosure in 2021! :)
|
||||
|
||||
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25020
|
||||
|
||||
...
|
||||
|
||||
* Too numerous to list for now...
|
||||
|
||||
|
||||
|
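Review bot: CVE-2022-23222 carries a 2022 identifier and does not belong in a list introduced as "25 Kernel 3.10.49 vulnerabilities disclosed in 2021"; either drop it from this list or reword the lead-in. More generally, none of the listed entries is shown to actually affect `3.10.49`: each MITRE record has an affected-version range, and a CVE filed against a much newer kernel may not apply to a 3.10 tree at all, so the range should be checked and noted per CVE before the count of 25 is used. Two smaller points: "The system uses Linux kernel `3.10.49`" under "## Known Kernel Holes:" repeats the sentence just above it under "# CVE", so merge the two; and "considered a top 25" needs a source (top 25 of what?). On the CVE-2018-25020 remark, the year in a CVE ID is the year the ID was reserved or the year the issue became public, so a 2018 ID first published by MITRE in 2021 is normal for a bug that was publicly known in 2018, not an anomaly worth a smiley.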