Dailydave mailing list archives

Re: Vuln scoring system anyone?


From: security curmudgeon <jericho () attrition org>
Date: Tue, 1 Mar 2005 15:35:17 -0500 (EST)


: Hmm. I guess my point here is that vendors are very bad places to get 
: your vulnerability information. When we release a WINS overflow, and it 
: works, that means there's 100% chance of an exploitable vulnerability. 
: Microsoft won't acknowledge that until they have a patch, which games 
: the system a bit. When Cisco releases an advisory on BGP saying it's a 
: DoS, that's misleading. Etc.

Real did the same in the past. Flagged remote overflows as 'DoS' when it 
was already proven by the researcher to be much worse.

This also brings up another thing the Vulnerability Databases have thought 
about, and has been discussed on Full-Disclosure recently. How do you 
classify vulnerabilities triggered by malformed media files? Think of a 
malformed PDF or mp3 that triggers an overflow in Adobe or Winamp. Is that 
a remote overflow? The classic definition of remote vs local just doesn't 
work for this. If you say remote, what if you find the mp3 in /tmp on your 
local unix system and play it? If you say local, what if the file is 
embedded in a web page?
