From: Dave van der Locht <d.vanderlocht@gmail.com>
To: linux-hams@vger.kernel.org
Subject: SECURITY: Some type of NETROM frames contain random fragments of data from memory
Date: Thu, 22 Jul 2021 13:40:23 +0200 [thread overview]
Message-ID: <CAH4uzPNH6GVX_H0eCrBUxPdgynRc9a7xLGde1_37dTCz3fgJOA@mail.gmail.com> (raw)
Hi,
With Linux kernel 5.4 and up I've noticed some type of NETROM frames
(conn, disc, etc.) contain random fragments of data from memory.
I've seen all kinds of data fragments with security sensitive
information in them depending on the software running.
Those random data fragments seem to appear only in some NETROM frames,
haven't noticed them in any other frame type.
Most, if not all, remote node software seems to ignore those fragments
and it won't be noticed until you capture the AX.25 over UDP frames.
You'll see the frames are larger than expected and contain random
fragments of data from (shared?) memory.
I've tested this with several 5.4 and 5.10 kernel versions
distributions and they all seem to leak security sensitive information
the same way into NETROM frames. Mostly logging data, but I've also
seen MySQL data and other random fragments of data.
I've also tested with kernel 4.19, which doesn't seem te be affected.
Kind regards,
Dave van der Locht
next reply other threads:[~2021-07-22 11:40 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-22 11:40 Dave van der Locht [this message]
2021-07-22 12:48 ` SECURITY: Some type of NETROM frames contain random fragments of data from memory Ralf Baechle DL5RB
[not found] ` <CAH4uzPPuXA19KvikagjcQZmFYvTjw1nNCVQhY_07LPz_F0mmSw@mail.gmail.com>
2021-07-22 13:30 ` Fwd: " Dave van der Locht
[not found] ` <YPmo1cAlGdIkapxL@linux-mips.org>
[not found] ` <CAH4uzPMXHnR+Z60iCA41FYsbDViQ5K2kMC_YWC1r4EaWMKiT8w@mail.gmail.com>
2021-10-15 9:28 ` Dave van der Locht
2022-07-13 17:28 ` Dave van der Locht
2022-07-15 12:18 ` Dan Cross
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAH4uzPNH6GVX_H0eCrBUxPdgynRc9a7xLGde1_37dTCz3fgJOA@mail.gmail.com \
--to=d.vanderlocht@gmail.com \
--cc=linux-hams@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).