lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 9 Oct 2009 12:09:08 +0200
From: Thierry Zoller <Thierry@...ler.lu>
To: Jonathan Leffler <jleffler@...ibm.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: When is it valid to claim that a
	vulnerability leads to a remote attack?

Hi Jonathan,

IMHO  it  generally  is classified as remote. Some vendors call it
"user  assisted  remote arbitrary code execution" which, in my opinion
is just downplaying the issue - there are virtually unlimited means to
get  somebody  or something to open such a file some less assisted but
still exploiting the issue at hand.

If  you  want  to  find  common  ground  with said person, propose the
denomination above.

This   subject   is  indeed  interesting and worth discussing, not sure
FD is the best place though.

Regards,
Thierry

JL> A reputable security defect reporting organization is claiming that a
JL> Windows program is subject to a remote attack because:

JL> * The vulnerable program (call it 'pqrminder') is registered as the
JL> 'handler' for files with a specific extension (call it '.pqr').
JL> * If the user downloads a '.pqr' file (or is sent on in the mail and clicks
JL> on it), then 'pqrminder' is invoked.
JL> * If the file is malformed, then arbitrary code can be executed (buffer
JL> overflow).

JL> While recognizing that there is a bug here, that does not strike me as
JL> being what is normally meant by a 'remote attack'.

JL> --
JL> Jonathan Leffler (jleffler@...ibm.com)
JL> STSM, Informix Database Engineering, IBM Information Management
JL> 4400 N First St, San Jose, CA 95134-1257
JL> Tel: +1 408-956-2436         Tieline: 475-2436
JL> "I don't suffer from insanity; I enjoy every minute of it!"


-- 
http://blog.zoller.lu
Thierry Zoller


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ