lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a5e4c8305072008263a70d367@mail.gmail.com>
Date: Wed, 20 Jul 2005 11:26:52 -0400
From: Technica Forensis <forensis.technica@...il.com>
To: Crispin Cowan <crispin@...ell.com>
Cc: "Black, Michael" <black@...excorp.com>,
	James Longstreet <jlongs2@....edu>,
	Derek Martin <code@...zashack.org>, bugtraq@...urityfocus.com
Subject: Re: On classifying attacks


> >Using this definition the email example is local and both bind examples
> >are remote.
> .. and any definition that classifies the e-mail example as "local" is
> just broken.

This really depends on the situation.  Say I write an exploit that
when run as a user spawns a listening ssh service with root priv.  I
get on the system however I do, download this file and exec it.  I
think everyone would agree that is a local exploit.
I send that same file as an email attachment to some dolt and peer
pressure him into running it.  Just because I downloaded the file by
emailing it to said dolt doesn't change the exploit from local to
remote. It potentially changes it from 'exploit' to trojan, but it is
still being executed locally.

And, I agree with Crispin that the local/remote distinction is a huge
gaping hole in the taxonomy, but rather than not using it I think it
should be added to and improved on.

C


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ