From b26481c32f896777c736ee60a9c65d1e9d8fa6a4 Mon Sep 17 00:00:00 2001 From: jebba Date: Fri, 28 Jan 2022 08:21:46 -0700 Subject: [PATCH] 25 kern cve in 2021 alone --- doc/SEC.md | 47 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) diff --git a/doc/SEC.md b/doc/SEC.md index 9a867d6..72430ac 100644 --- a/doc/SEC.md +++ b/doc/SEC.md @@ -1,4 +1,10 @@ # Security +aka, I'd rather be teaching an AI to categorize spectra, but since I +can't do that, I'm sitting around doing this in the interim. + +* https://spacecruft.org/spacecruft/pysalx/issues/1 + + Quick evaluation is it is basically and older Android device, likely vulnerable to a wide range of older attacks. Has wifi, bluetooth, maybe even GSM... @@ -76,7 +82,7 @@ some as old as 2013. * USB -# Attack Points +# Hypothetical Scenarios Nature of attacks, once exploited. The devices query remote servers on port `80` in cleartext. This can be @@ -87,6 +93,10 @@ say there's no gold when there is gold. Nefarious company could EPA's device when they come inspect contaminated land, and make the device's readings say everything is ok. +* Attacker sells bullion to vendor. Vendor tests with analyzer, which +attacker has rooted. Grade of bullion is found to be pure, when fake. +Vendor overpays for fake metal. + * Device can be a remote access point back into a corporate network. Since the device is taken into the field and back into corporate offices, it makes it an ideal vector to further penetrate networks. An employee 
@@ -98,8 +108,43 @@ device then phones home back to attackers. * Safety features of the device can be overridden, causing it to emit xray or laser power beyond default limits. + # Misc * All devices have the same static IP hardcoded in binary. +# CVE +The system is running kernel `3.10.49` which has a vast list of known +vulnerabilities. + + +## Known Kernel Holes: +The system uses Linux kernel `3.10.49`. This kernel was released +July 17th, 2014. Release announcement: + +* https://lwn.net/Articles/605933/ + + +There were 25 Kernel 3.10.49 vulnerabilities disclosed in 2021: + +* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4083 + +* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23222 + +* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46283 + +* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28715 + +... + +* This doozy is considered a top 25. Nice how it has a CVE from 2018, +but disclosure in 2021! :) + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25020 + +... + +* Too numerous to list for now... + +
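Review bot: In the first hunk (`@@ -1,4 +1,10 @@`), the "aka, I'd rather be teaching an AI..." aside is a personal remark rather than security content and will date quickly in `doc/SEC.md`; consider moving it to the commit message or the linked issue. The bare issue link `https://spacecruft.org/spacecruft/pysalx/issues/1` would also read better with a one-line description of what the issue tracks, so a reader knows whether to follow it.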
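Review bot: In the heading hunk (`@@ -76,7 +82,7 @@`), renaming `# Attack Points` to `# Hypothetical Scenarios` leaves the unchanged first line of that section, "Nature of attacks, once exploited.", as a fragment that no longer matches the new heading; consider rewording it to introduce the scenarios as consequences of a compromised device, and say which of them are hypothetical versus observed (the cleartext port `80` queries are stated as fact elsewhere in the file).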
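Review bot: In the bullion hunk (`@@ -87,6 +93,10 @@`), the new scenario does not state what property of the device it depends on; the surrounding bullets tie each scenario to a concrete weakness (cleartext queries, field-to-office transport), so this one should say it assumes the readings can be altered on a rooted unit and that the vendor has no independent verification of the result. Stating the mitigation alongside it (calibration against a reference sample, integrity checking of the device firmware before use) would keep it consistent with the defensive purpose of the document.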
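Review bot: In the CVE hunk (`@@ -98,8 +108,43 @@`), the list headed "25 Kernel 3.10.49 vulnerabilities disclosed in 2021" includes `CVE-2022-23222`, which contradicts the 2021 claim, and the count of 25 has no source; link the query or advisory the number came from so it can be rechecked. The remark that `CVE-2018-25020` has "a CVE from 2018, but disclosure in 2021" is not unusual: the year in a CVE ID is the year it was assigned or reserved, not the disclosure year, and IDs in the high 25000 range are commonly assigned retroactively, so that sentence is better dropped or reworded. "Considered a top 25" also needs a citation (which top-25 list, and who publishes it). Smaller points: the kernel version `3.10.49` is stated twice in a row (under `# CVE` and again under `## Known Kernel Holes:`), the trailing colon on that heading breaks with the other headings in the file, the `http://cve.mitre.org/...` links should be `https://`, and "Too numerous to list for now..." would be more useful as a single link to the kernel-version search than as a partial list with `...` placeholders.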