oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2

From: "Stuart D. Gathman" <stuart () gathman org>
Date: Thu, 22 Aug 2019 16:28:38 -0400 (EDT)
Since we're arguing...  What would worry me is an exploit where I allow
a friend to connect their USB flash drive, it operates normally to all appearances. Nothing is auto-executed by a stupid OS (like the Iran centrifuge worm). But, the device is able to insert some privileged code through low level protocol bugs - all while operating normally as 
a USB storage device.  It is not obvious how any of the USB bugs just
reported could be exploited that way - but anytime you have buffer
overflows and stuff, some evil genius might find a way.  I also worry
about file system bugs doing something similar on any removeable media,
or downloaded image.

On Thu, 22 Aug 2019, Eddie Chapman wrote:


On 22/08/2019 20:00, Perry E. Metzger wrote:

You can argue anything you like. Power charging points have popped up
around the world, and you're not in a position to stop
them. Furthermore, I'll note that over the air exploitable bugs in
things like WiFi stacks and Bluetooth stacks have also appeared over
time; perhaps it's foolish to have your phone on at all, and yet
people will continue to turn their phones on, and even to use them.


--
              Stuart D. Gathman <stuart () gathman org>
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
Previous By Date Next
Previous By Thread Next

Current thread: