Re: Bastille and Comcast CVE IDs

• To: "Coffin, Chris" <ccoffin@mitre.org>, Kurt Seifried <kseifried@redhat.com>
• Subject: Re: Bastille and Comcast CVE IDs
• From: Art Manion <amanion@cert.org>
• Date: Mon, 2 Oct 2017 12:41:46 -0400
• Authentication-results: spf=none (sender IP is 129.83.29.3) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=cert.org;
• Cc: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
• Delivery-date: Mon Oct 2 13:28:39 2017
• Dkim-filter: OpenDKIM Filter v2.11.0 taper.sei.cmu.edu v92GftQX026493
• In-reply-to: <MWHPR09MB1456330556ABCDF14DC471D8A17D0@MWHPR09MB1456.namprd09.prod.outlook.com>
• List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
• List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
• List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
• List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
• References: <99f4aac1-f1d7-1a4e-a821-cc40b1ba4687@cert.org> <CANO=Ty3x3Dd-3_D5-_TU=ccoLsSXxZFgQKqXYQvW+Gq-dY3Fdw@mail.gmail.com> <1a2221c2-d1f8-a6fe-4376-c8c8ea0622e8@cert.org> <MWHPR09MB1456330556ABCDF14DC471D8A17D0@MWHPR09MB1456.namprd09.prod.outlook.com>
• Sender: <owner-cve-editorial-board-list@lists.mitre.org>
• Spamdiagnosticmetadata: 5952c28dcc454f0789fb433d26f936ef
• Spamdiagnosticoutput: 1:2
• User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0

Another set of assignments in question, most of these seem to imply 
that MAC or IP addresses are meant to be secret and that disclosing 
them is a vulnerability.

I get the pen-testing aspects/thread through this research.  What I'm 
concerned about is distinguishing test/attack/recon activity from 
"vulnerabilities that get CVE IDs."

Maybe this is a question about what "Exposures" means?


CVE-2017-9478
https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-20.emta-reverse-dns.txt

Recon using IP, MAC, and DNS


CVE-2017-9481
https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-24.atom-ip-routing.txt

Once I get on the device, I can use the route command to do what it is 
supposed to and reach another component (the network processor) in the 
device.


CVE-2017-9477
https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-19.wifi-dhcp-cm-mac-leak.txt

MAC address isn't a secret.


CVE-2017-9484
https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-27.ipv6-cm-mac-leak.txt

MAC address isn't a secret.  Generating a deterministic password from 
MAC is probably a vulnerability.


CVE-2017-9483
https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-26.arbitrary-command-execution.txt

Duplicate, instance of CVE-2015-6361?

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6361


 - Art

• References:
  • Re: Bastille and Comcast CVE IDs
    • From: Art Manion <amanion@cert.org>
  • RE: Bastille and Comcast CVE IDs
    • From: "Coffin, Chris" <ccoffin@mitre.org>

• Prev by Date: Re: Bastille and Comcast CVE IDs
• Next by Date: RE: Bastille and Comcast CVE IDs
• Previous by thread: Re: Bastille and Comcast CVE IDs
• Next by thread: RE: Proposed CNA Summit February 13-14, 2018
• Index(es):
  • Date
  • Thread