Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: On classifying attacks

From: Crispin Cowan <crispin () novell com>
Date: Tue, 19 Jul 2005 06:42:21 -0700
Black, Michael wrote:

You might try re-using the rather large effort that went into the CERT
taxonomy:
http://www.cert.org/research/taxonomy_988667.pdf

You'll note the complete lack of "local" and "remote" in the taxonomy.
 

That pretty much tells me everything I need to know about whether I want
to use that taxonomy :)


Remote exploit of Bind (causing "rm -r /*" to be executed):
Attack:
      Tool: User Command
      Vulnerability: Design
 

"Design"?!


If you really want to stick with "remote" and "local" I think you can
define them thusly:
Remote -- control/access of resources occurs from outside the
machine/network
Local -- control/access of resources occurs on the local machine (i.e.
no network connection required)
 

Ok, but I had no trouble with those definitions in the first place, and
so far you have not captured the distinction Derek was asking about.


Using this definition the email example is local and both bind examples
are remote.

.. and any definition that classifies the e-mail example as "local" is
just broken.

Crispin
-- 
Crispin Cowan, Ph.D.                      http://immunix.com/~crispin/
Director of Software Engineering, Novell  http://novell.com
Previous By Date Next
Previous By Thread Next

Current thread: