| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050717114154.281c41e4.gstewart@spamcop.net> Date: Sun, 17 Jul 2005 11:41:54 +0200 From: Godwin Stewart <gstewart@...mcop.net> To: Derek Martin <code@...zashack.org> Cc: bugtraq@...urityfocus.com Subject: Re: On classifying attacks -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 16 Jul 2005 12:40:29 -0400, Derek Martin <code@...zashack.org> wrote: > It seems to me your statement can't be correct, because this is ALWAYS > the case. A local exploit requires that a local user run an > executable. A remote exploit requires that a local user run an > executable, even if that is accomplished merely by booting the system. > All exploits require running code, and code doesn't magically start > itself... Running code is required, because it is the very running > code which is being exploited. Maybe so, however with the case of the BIND attack, the vulnerability in locally running code (named) is being exploited by a remote attacker via the network. In the case of an e-mail containing malicious code, the code being exploited (parts of the Windows kernel or whatever) is being attacked by code running locally - on the *same* machine. In this sense it can hardly qualify as a "remote" exploit. - -- G. Stewart - gstewart@...mcop.net A lot of money is tainted. 'Taint yours and 'taint mine. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFC2ifiK5oiGLo9AcYRAswqAJ9lPxLOVO45WpnKxWEYva41HSbnrwCfdkGT fEc+qbBBB4LKkzeR5bKMikg= =yzAH -----END PGP SIGNATURE-----
Powered by blists - more mailing lists