Vulnerability Development mailing list archives
Re: Exploit Ease Level
From: vision () WHITEHATS COM (Max Vision)
Date: Fri, 28 Apr 2000 17:10:00 -0700
On Fri, 28 Apr 2000, Rory Savage wrote:
> I understand your comments, however I think you may have misunderstood my concern about `an Exploit Easibility Rating`. Though the amount of impact an exploit may pose vs. the amount of work needed to fix it is related, my concern was on actually 'Reproducing the Exploit' for test purposes. Where some are concerned with the impact and ease of fix, some are concerned with 'reproducing' the exploit and the amount of time and elbow grease involved. Such a rating could help System Administrators and Security officials with two key aspects. 1. The amount of effort to cause the exploit on their systems, and 2. Who is capable of the attack. I hope this cleared things up. :)

No no, that is exactly what I referred to. I thought I made this clear in my email. Cybercop, to use the same example, has done this for years. So that you will better understand my earlier post, I will now quote their scanner regarding the "complexity" score for each vuln:

----
Complexity: The difficulty involved in exploiting a vulnerability

Some attacks against computer systems are more complicated than others; exploiting a vulnerability in a WWW CGI program may involve merely inserting a "magic" character in form field, while other attacks may require a carefully coordinated series of interactions with obscure network services. Unfortunately, the complexity of an attack has more of an effect on the likelihood of it being defended against, rather than the likelihood of it being used by an attacker (who is probably wielding an arsenal of complex attacks to leverage against a computer system). Ironically, the most complex attacks are often the most popular.

Low: The attack can be executed by an unskilled attacker without any special tools (perhaps by using standard Unix utilities, or by using their web browser). The problem may be obvious even to someone who is not familiar with the issues involved in computer security.

Medium: A special-purpose software tool is required to exploit this problem; this tool is probably quite easy to use and understand by a neophyte hacker, but exploitation of this problem may be out of the reach of individuals that are not familiar with the security community or the hacker underground.

High: Exploitation of this problem requires exploit code, which is difficult to write and may require access to specific types of computer systems. Actually using this tool may require specific knowledge of the vulnerability and the system on which it is present.
----

You really should have read my email more closely, as I clearly list "impact" as a separate characteristic from "complexity" (which you label "ease of exploit").

Max