oss-sec mailing list archives

Malicious devices & vulnerabilties

From: Xi Wang <xi.wang () gmail com>
Date: Sat, 7 Jan 2012 18:01:46 -0500

Hi,

In general driver code trusts hardware devices and often doesn't
validate the data they respond with.  But how about USB devices
that an attacker could plug into a victim's computer?  For example,
an attacker may craft a USB device with a long product name to cause
a buffer overflow (CVE-2011-0712).

http://www.openwall.com/lists/oss-security/2011/02/16/5
http://twitter.com/#!/mwrlabs/status/44814759396249600

Here is another possible bug in the USB audio format parser I tried
to report upstream.

https://lkml.org/lkml/2012/1/4/215

I am wondering where to draw the line.  Should such device drivers
be considered vulnerable or not?  Thanks.

- xi

Current thread:

Malicious devices & vulnerabilties Xi Wang (Jan 07)
- Re: Malicious devices & vulnerabilties Florian Weimer (Jan 08)
  - Re: Malicious devices & vulnerabilties Eugene Teo (Jan 08)
    - Re: Malicious devices & vulnerabilties Alistair Crooks (Jan 08)
    - Re: Malicious devices & vulnerabilties Ludwig Nussel (Jan 09)
    - Re: Malicious devices & vulnerabilties Alistair Crooks (Jan 09)
  - Re: Malicious devices & vulnerabilties Xi Wang (Jan 08)
    - Re: Malicious devices & vulnerabilties Eitan Adler (Jan 08)
    - Re: Malicious devices & vulnerabilties Xi Wang (Jan 08)
    - Re: Malicious devices & vulnerabilties Vasiliy Kulikov (Jan 09)
    - Re: Malicious devices & vulnerabilties Kurt Seifried (Jan 08)

(Thread continues...)