|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bastille and Comcast CVE IDs
- To: "Coffin, Chris" <ccoffin@mitre.org>, Kurt Seifried <kseifried@redhat.com>
- Subject: Re: Bastille and Comcast CVE IDs
- From: Art Manion <amanion@cert.org>
- Date: Mon, 2 Oct 2017 12:41:46 -0400
- Authentication-results: spf=none (sender IP is 129.83.29.3) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=cert.org;
- Cc: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Delivery-date: Mon Oct 2 13:28:39 2017
- Dkim-filter: OpenDKIM Filter v2.11.0 taper.sei.cmu.edu v92GftQX026493
- In-reply-to: <MWHPR09MB1456330556ABCDF14DC471D8A17D0@MWHPR09MB1456.namprd09.prod.outlook.com>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <99f4aac1-f1d7-1a4e-a821-cc40b1ba4687@cert.org> <CANO=Ty3x3Dd-3_D5-_TU=ccoLsSXxZFgQKqXYQvW+Gq-dY3Fdw@mail.gmail.com> <1a2221c2-d1f8-a6fe-4376-c8c8ea0622e8@cert.org> <MWHPR09MB1456330556ABCDF14DC471D8A17D0@MWHPR09MB1456.namprd09.prod.outlook.com>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 5952c28dcc454f0789fb433d26f936ef
- Spamdiagnosticoutput: 1:2
- User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
Another set of assignments in question, most of these seem to imply that MAC or IP addresses are meant to be secret and that disclosing them is a vulnerability. I get the pen-testing aspects/thread through this research. What I'm concerned about is distinguishing test/attack/recon activity from "vulnerabilities that get CVE IDs." Maybe this is a question about what "Exposures" means? CVE-2017-9478 https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-20.emta-reverse-dns.txt Recon using IP, MAC, and DNS CVE-2017-9481 https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-24.atom-ip-routing.txt Once I get on the device, I can use the route command to do what it is supposed to and reach another component (the network processor) in the device. CVE-2017-9477 https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-19.wifi-dhcp-cm-mac-leak.txt MAC address isn't a secret. CVE-2017-9484 https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-27.ipv6-cm-mac-leak.txt MAC address isn't a secret. Generating a deterministic password from MAC is probably a vulnerability. CVE-2017-9483 https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-26.arbitrary-command-execution.txt Duplicate, instance of CVE-2015-6361? https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6361 - Art
- References:
- Re: Bastille and Comcast CVE IDs
- From: Art Manion <amanion@cert.org>
- RE: Bastille and Comcast CVE IDs
- From: "Coffin, Chris" <ccoffin@mitre.org>
- Re: Bastille and Comcast CVE IDs
- Prev by Date: Re: Bastille and Comcast CVE IDs
- Next by Date: RE: Bastille and Comcast CVE IDs
- Previous by thread: Re: Bastille and Comcast CVE IDs
- Next by thread: RE: Proposed CNA Summit February 13-14, 2018
- Index(es):