Re: Exploit Ease Level

[gaugustu () CISCO COM (Eric Augustus)]

C'mon, really what you're after is "do I have to fix this vulnerability
now because it's really easy to exploit, or can it wait since it's too
difficult to duplicate".

The fact that a vulnerability in XYZ has been demonstrated, and your
system is running XYZ should be enough to incentive to fix it. Unless,
of course, you're willing to live with the risk.

On Fri, Apr 28, 2000 at 05:50:54PM -0400, Rory Savage wrote:
> True, very true, but imagein something like this in the header of an
> exploit....
>
>
> Red Hat 6.2 Sendmail Dos
>
> Exploit Level 10+ (You will loose sleep and possible your marraige)
> Exploited with the help of a BeoWolf cluster (see attachment for details)
> Time: 2 weeks, 2 days, 22 hours, 22 minutes, and 22 seconds.
> Etc
> Etc
>
>     In Red Hat 6.2, there lies a problem with sendmail's (whatever..)
> ...
> ...
> ...
>
>
>
> Joe Cracker and Assoc.
[snip]


--
----------------------------------------------------------
   Eric P. Augustus            | gaugustu () cisco com
   Network Security Engineer   | www.cisco.com
   Cisco Systems Inc.          | Voice: 512.378.1051
   12515 Research Blvd.        | Fax: 512.249.8506
   Austin, Texas  78759-2220   | Pager: 800.365.4578
----------------------------------------------------------
Remember the... the... uhh.....