Vulnerability Development mailing list archives
Re: Exploit Ease Level
From: rsavage () CROSSWINDS NET (Rory Savage)
Date: Fri, 28 Apr 2000 17:50:54 -0400
True, very true, but imagine something like this in the header of an exploit....

    Red Hat 6.2 Sendmail DoS Exploit
    Level 10+ (You will lose sleep and possibly your marriage)
    Exploited with the help of a Beowulf cluster (see attachment for details)
    Time: 2 weeks, 2 days, 22 hours, 22 minutes, and 22 seconds.
    Etc Etc

    In Red Hat 6.2, there lies a problem with sendmail's (whatever..)
    ...
    ...
    ...
    Joe Cracker and Assoc.

Rory Savage -- Systems Administrator
email: rsavage () crosswinds net
.-.-.-..---..-..-..---.
| | | || | || .` || |'_
`-----'`-^-'`-'`-'`-'-/
-=/ MCI WorldCom/WANG/FAA \=-
work (919)-377-7702
beep (800)-PAGE-MCI
page mail: 1433539 () pagemci com

On Thu, 27 Apr 2000, Sebastian wrote:

> Hi Rory :)
>
> On Tue, Apr 25, 2000 at 10:32:05PM -0400, Rory Savage wrote:
>
> > I wish there was an `Exploit Ease Reference Level`, so when one posts
> > an exploit, they would also post an `Easebility` level to let others
> > know if it's an easy trick, or a drawn-out project that involves a lot
> > of time. This is just a suggestion, but I think it would really work
> > out well,
>
> Such an `Exploit Ease Reference Level` could only be very rough. Some
> buffer overflows that look like they can be exploited easily turn out to
> be very difficult to exploit (example: qpopper 2.1.4r3 stack overflow on
> Linux). The other way round, sometimes there is a complex situation which
> can be reduced by a knowledgeable person to a fully working exploit
> (example: wuftpd 2.5.0 heap overflow, where 5 offsets can be reduced to
> just one). Hence it is difficult to set such a level before having dug
> into the situation. On the other hand, after you've checked for
> exploitability you can set such a level, I agree. But what kind of
> "easebility" do you refer to? The one a user of the exploit has, the one
> the creator had, or the one the creator thinks other people will have in
> understanding his work?
>
> > especially for these mailing lists. But I know I am farting in the
> > wind again... and nobody cares... but in a few months, somebody will
> > steal my idea anyway (and call it their own).
>
> The idea isn't new; for example, in the NAI CyberCop handbook there is a
> great list with all checks CyberCop does, together with a rating of how
> popular and how difficult it is to exploit each vulnerability.
>
> Btw, I think a knowledgeable reader of this mailing list might have a
> rough impression of the difficulty after having checked out the situation
> for a couple of minutes. For the really wicked tricks used in exploits
> the reader has to check the exploit's comments anyway, in case he
> understands them. And for the others such a rating is confusing because
> it still doesn't tell anything about whether this is really a
> "ready-for-script-kid" exploit.
>
> > In fact, I just might draft up a proposal... and see what the `scene`
> > thinks about it.
>
> I'd like to read that :-)
>
> > Cheers!
> > Rory Savage
>
> ciao,
> scut
>
> --
> - scut () nb in-berlin de - http://nb.in-berlin.de/scut/ --- you don't need a --
> -- lot of people to be great, you need a few great to be the best ------------
> http://3261000594/scut/pgp - 5453 AC95 1E02 FDA7 50D2 A42D 427E 6DEF 745A 8E07 --
> data in VK/USA Mayfly experienced, awaiting transfer location, hi echelon -