25 kern cve in 2021 alone
parent
8d101a6194
commit
b26481c32f
47
doc/SEC.md
@ -1,4 +1,10 @@
|
||||||
# Security
|
# Security
|
||||||
|
aka, I'd rather be teaching an AI to categorize spectra, but since I
|
||||||
|
can't do that, I'm sitting around doing this in the interim.
|
||||||
|
|
||||||
|
* https://spacecruft.org/spacecruft/pysalx/issues/1
|
||||||
|
|
||||||
|
|
||||||
Quick evaluation is it is basically and older Android device, likely
|
Quick evaluation is it is basically and older Android device, likely
|
||||||
vulnerable to a wide range of older attacks. Has wifi, bluetooth,
|
vulnerable to a wide range of older attacks. Has wifi, bluetooth,
|
||||||
maybe even GSM...
|
maybe even GSM...
|
||||||
|
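Review bot: the new bullet for https://spacecruft.org/spacecruft/pysalx/issues/1 is a bare URL with no description, so a reader of SEC.md cannot tell what the issue tracks without following it; suggest prefixing it with a short label such as "* Tracking issue for this evaluation: https://spacecruft.org/spacecruft/pysalx/issues/1". The two-line aside about teaching an AI to categorize spectra is personal commentary that does not belong under "# Security"; move it to the README or drop it. While touching this region, the adjacent context line "basically and older Android device" should read "basically an older Android device".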
@ -76,7 +82,7 @@ some as old as 2013.
|
||||||
|
|
||||||
* USB
|
* USB
|
||||||
|
|
||||||
# Attack Points
|
# Hypothetical Scenarios
|
||||||
Nature of attacks, once exploited.
|
Nature of attacks, once exploited.
|
||||||
|
|
||||||
The devices query remote servers on port `80` in cleartext. This can be
|
The devices query remote servers on port `80` in cleartext. This can be
|
||||||
|
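Review bot: renaming "# Attack Points" to "# Hypothetical Scenarios" leaves the lead sentence "Nature of attacks, once exploited." mismatched with the new heading; reword it to match, for example "Hypothetical consequences once a device has been compromised.", so the section reads as scenarios rather than as an enumeration of entry points (which the "* USB" list above already is).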
@ -87,6 +93,10 @@ say there's no gold when there is gold. Nefarious company could EPA's device
|
||||||
when they come inspect contaminated land, and make the device's readings
|
when they come inspect contaminated land, and make the device's readings
|
||||||
say everything is ok.
|
say everything is ok.
|
||||||
|
|
||||||
|
* Attacker sells bullion to vendor. Vendor tests with analyzer, which
|
||||||
|
attacker has rooted. Grade of bullion is found to be pure, when fake.
|
||||||
|
Vendor overpays for fake metal.
|
||||||
|
|
||||||
* Device can be a remote access point back into a corporate network.
|
* Device can be a remote access point back into a corporate network.
|
||||||
Since the device is taken into the field and back into corporate offices,
|
Since the device is taken into the field and back into corporate offices,
|
||||||
it makes it an ideal vector to further penetrate networks. An employee
|
it makes it an ideal vector to further penetrate networks. An employee
|
||||||
|
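Review bot: the bullion scenario states the attacker "has rooted" the analyzer but not what precondition that requires (physical access to the unit versus the cleartext port `80` server queries described above); spelling that out matters because it decides the mitigation the vendor should apply, such as checking readings against a known reference sample or a second analyzer before paying out. Also consider stating explicitly that this is the inverse of the preceding "say there's no gold when there is gold" case, so the two read as a pair.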
@ -98,8 +108,43 @@ device then phones home back to attackers.
|
||||||
* Safety features of the device can be overridden, causing it to emit
|
* Safety features of the device can be overridden, causing it to emit
|
||||||
xray or laser power beyond default limits.
|
xray or laser power beyond default limits.
|
||||||
|
|
||||||
|
|
||||||
# Misc
|
# Misc
|
||||||
|
|
||||||
* All devices have the same static IP hardcoded in binary.
|
* All devices have the same static IP hardcoded in binary.
|
||||||
|
|
||||||
|
|
||||||
|
# CVE
|
||||||
|
The system is running kernel `3.10.49` which has a vast list of known
|
||||||
|
vulnerabilities.
|
||||||
|
|
||||||
|
|
||||||
|
## Known Kernel Holes:
|
||||||
|
The system uses Linux kernel `3.10.49`. This kernel was released
|
||||||
|
July 17th, 2014. Release announcement:
|
||||||
|
|
||||||
|
* https://lwn.net/Articles/605933/
|
||||||
|
|
||||||
|
|
||||||
|
There were 25 Kernel 3.10.49 vulnerabilities disclosed in 2021:
|
||||||
|
|
||||||
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4083
|
||||||
|
|
||||||
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23222
|
||||||
|
|
||||||
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46283
|
||||||
|
|
||||||
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28715
|
||||||
|
|
||||||
|
...
|
||||||
|
|
||||||
|
* This doozy is considered a top 25. Nice how it has a CVE from 2018,
|
||||||
|
but disclosure in 2021! :)
|
||||||
|
|
||||||
|
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25020
|
||||||
|
|
||||||
|
...
|
||||||
|
|
||||||
|
* Too numerous to list for now...
|
||||||
|
|
||||||
|
|
||||||
|
|
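Review bot: the sentence "There were 25 Kernel 3.10.49 vulnerabilities disclosed in 2021:" is not supported by the list that follows it, which includes CVE-2022-23222 (a 2022 identifier) and, as the bullet itself points out, CVE-2018-25020; reword to something like "CVEs affecting 3.10.49, disclosed in 2021 or later:" and add the source of the count of 25 (the query or database page it came from) so the number can be re-checked. The kernel version `3.10.49` is stated twice, once under "# CVE" and again under "## Known Kernel Holes:"; merge the two paragraphs into one. Minor: drop the trailing colon from "## Known Kernel Holes:" to match the other headings, and use https for the cve.mitre.org links.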