[Cerowrt-devel] aarch64 exploit POC

Outback Dingo outbackdingo at gmail.com
Sun Jan 7 11:21:34 EST 2018


yes but i would think you would post it to the LEDE / OpenWRT lists also

On Sun, Jan 7, 2018 at 11:10 AM, Dave Taht <dave.taht at gmail.com> wrote:
> On Sun, Jan 7, 2018 at 7:47 AM, Outback Dingo <outbackdingo at gmail.com> wrote:
>> OH hell...  notifying all my "cohorts"...... thanks for the heads up
>
> Then go drinking.
>
> Aside from x86 arches (anyone have word on the x86 chip in the
> pcengines?), it looks like the mips chips simply were not advanced
> enough to have this level of speculation and out of order behavior.
>
> The turris omnia and a few other high end arm chips in this part of
> the embedded router space are also vulnerable (I'm hoping that the
> lede folk can compile a list) - but - if you can execute *any*
> malicious code as root on embedded boxes - which is usually the case -
> you've already won.
>
> The Mill, Itanium, MIPs, and older arms are ok. There are huge lists
> being assembled on wikipedia, reddit, and elsewhere.
>
> My own terror is primarily for stuff in the cloud. There IS a vendor
> renting time on bare metal in-expensively, which I'm considering.
>
> (example: https://www.packet.net/bare-metal/servers/type-2a/)
>
> Ironically all the bufferbloat.net services used to run on bare metal,
> until the competing lower costs of the cloud knocked isc.org out of
> the business.
>
>
>
>>
>> On Sun, Jan 7, 2018 at 10:15 AM, Dave Taht <dave.taht at gmail.com> wrote:
>>> https://plus.google.com/+KristianK%C3%B6hntopp/posts/6CduVXSy6Kd
>>>
>>> There comes a time after coping with security holes nonstop for 5 days
>>> straight, when it is best to log off the internet entirely, stop
>>> thinking, drink lots of rum, and go surfing.
>>>
>>> Today is that day, for me.
>>>
>>> --
>>>
>>> Dave Täht
>>> CEO, TekLibre, LLC
>>> http://www.teklibre.com
>>> Tel: 1-669-226-2619
>>> _______________________________________________
>>> Cerowrt-devel mailing list
>>> Cerowrt-devel at lists.bufferbloat.net
>>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>
>
>
> --
>
> Dave Täht
> CEO, TekLibre, LLC
> http://www.teklibre.com
> Tel: 1-669-226-2619


More information about the Cerowrt-devel mailing list