25 kern cve in 2021 alone

main
jebba 2022-01-28 08:21:46 -07:00
parent 8d101a6194
commit b26481c32f
1 changed files with 46 additions and 1 deletions

@ -1,4 +1,10 @@
# Security # Security
aka, I'd rather be teaching an AI to categorize spectra, but since I
can't do that, I'm sitting around doing this in the interim.
* https://spacecruft.org/spacecruft/pysalx/issues/1
Quick evaluation is it is basically and older Android device, likely Quick evaluation is it is basically and older Android device, likely
vulnerable to a wide range of older attacks. Has wifi, bluetooth, vulnerable to a wide range of older attacks. Has wifi, bluetooth,
maybe even GSM... maybe even GSM...
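Review bot: the added link to `issues/1` is a bare URL with no text saying what the issue tracks, and the aside added above it ("I'd rather be teaching an AI to categorize spectra...") gives a reader of a security assessment nothing to act on. Suggest a one-line label for the link and moving the aside out of the document's opening. While this paragraph is being touched, the context line "it is basically and older Android device" has a typo ("and" for "an").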
@ -76,7 +82,7 @@ some as old as 2013.
* USB * USB
# Attack Points # Hypothetical Scenarios
Nature of attacks, once exploited. Nature of attacks, once exploited.
The devices query remote servers on port `80` in cleartext. This can be The devices query remote servers on port `80` in cleartext. This can be
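Review bot: under the renamed heading "# Hypothetical Scenarios", the first paragraph still states "The devices query remote servers on port `80` in cleartext" as an observation, not a scenario. Suggest keeping observed behaviour under its own heading, or marking which statements were verified on a device, so readers can tell findings from speculation. "Nature of attacks, once exploited." could then introduce only the scenarios.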
@ -87,6 +93,10 @@ say there's no gold when there is gold. Nefarious company could EPA's device
when they come inspect contaminated land, and make the device's readings when they come inspect contaminated land, and make the device's readings
say everything is ok. say everything is ok.
* Attacker sells bullion to vendor. Vendor tests with analyzer, which
attacker has rooted. Grade of bullion is found to be pure, when fake.
Vendor overpays for fake metal.
* Device can be a remote access point back into a corporate network. * Device can be a remote access point back into a corporate network.
Since the device is taken into the field and back into corporate offices, Since the device is taken into the field and back into corporate offices,
it makes it an ideal vector to further penetrate networks. An employee it makes it an ideal vector to further penetrate networks. An employee
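Review bot: the new bullion bullet relies on an analyzer the "attacker has rooted", but the analyzer is the vendor's, so the scenario depends on a precondition it does not state. Suggest saying which of the interfaces listed earlier in the file (wifi, bluetooth, USB) the scenario assumes, the way the corporate-network bullet explains its exposure by the device moving between field and office. "found to be pure, when fake" would read more clearly as "reported as pure when it is fake".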
@ -98,8 +108,43 @@ device then phones home back to attackers.
* Safety features of the device can be overridden, causing it to emit * Safety features of the device can be overridden, causing it to emit
xray or laser power beyond default limits. xray or laser power beyond default limits.
# Misc # Misc
* All devices have the same static IP hardcoded in binary. * All devices have the same static IP hardcoded in binary.
# CVE
The system is running kernel `3.10.49` which has a vast list of known
vulnerabilities.
## Known Kernel Holes:
The system uses Linux kernel `3.10.49`. This kernel was released
July 17th, 2014. Release announcement:
* https://lwn.net/Articles/605933/
There were 25 Kernel 3.10.49 vulnerabilities disclosed in 2021:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4083
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23222
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46283
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28715
...
* This doozy is considered a top 25. Nice how it has a CVE from 2018,
but disclosure in 2021! :)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25020
...
* Too numerous to list for now...
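Review bot: the sentence "There were 25 Kernel 3.10.49 vulnerabilities disclosed in 2021" is not backed by the list under it: five links are given, the rest is "..." and "Too numerous to list for now...", and one entry is CVE-2022-23222, which carries a 2022 identifier. Nothing in the section shows how each CVE was matched to `3.10.49`, so suggest listing all 25 ids, or the query that produced the count, and noting for each whether the affected code is present in this device's kernel build. The "# CVE" paragraph and "## Known Kernel Holes:" both state the kernel version, so one of them can go. The cve.mitre.org links use `http://`; suggest `https://`.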