Date: Wed, 14 Oct 2009 14:11:50 +0200
From: Thierry Zoller <Thierry@...ler.lu>
To: full-disclosure@...ts.grok.org.uk
Cc: Valdis.Kletnieks@...edu, Jonathan Leffler <jleffler@...ibm.com>
Subject: Re: When is it valid to claim that a vulnerability leads to a remote attack?

Hi Dan,

DK> There are a substantial number of file formats that are code-execution
DK> equivalent with no exploits necessary -- .exe, .com, .bat, etc. You thus
DK> can't say that an executed file must not execute code, because there's no
DK> way for the user to know whether a file on his desktop is an .exe or
DK> something else.

Maybe I misunderstand what you are saying but - isn't the point in this case that running binary files mapped as executables is not exploiting a vulnerability in a third party application?

I understood that Jonathan was asking whether the exploitation of a file format vulnerability in Product X can be categorized as remotely exploitable - even though it is not exposed to the outside and one can only reach arbitrary control by indirect means.

I think we can agree that yes, it is remotely exploitable and as such should be categorized as "remote" in Risk/Impact scoring systems? Does anybody disagree? I'd be interested to hear your point of view.

DK> The key here is "escalation of privilege". At the point you're launching
DK> formats, the privilege has already been granted.

If you could dive into this a bit more, as I can't follow you here. I frankly don't know any Access control logic where running a format leads to the escalation of a privilege, per se.

--
http://blog.zoller.lu
Thierry Zoller

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/