Vulnerability Development mailing list archives

Re: Exploit Ease Level


From: rsavage () CROSSWINDS NET (Rory Savage)
Date: Fri, 28 Apr 2000 17:50:54 -0400


True, very true, but imagine something like this in the header of an
exploit....

Red Hat 6.2 Sendmail Dos

Exploit Level 10+ (You will lose sleep and possibly your marriage)
Exploited with the help of a Beowulf cluster (see attachment for details)
Time: 2 weeks, 2 days, 22 hours, 22 minutes, and 22 seconds.
Etc
Etc

    In Red Hat 6.2, there lies a problem with sendmail's (whatever..)
...
...
...

Joe Cracker and Assoc.

Rory Savage

--
Systems Administrator
 email: rsavage () crosswinds net
.-.-.-..---..-..-..---.
| | | || | || .` || |'_
`-----'`-^-'`-'`-'`-'-/
-=/ MCI WorldCom/WANG/FAA \=-
 work (919)-377-7702
 beep (800)-PAGE-MCI
 page mail: 1433539 () pagemci com

On Thu, 27 Apr 2000, Sebastian wrote:

> Hi Rory :)
>
> On Tue, Apr 25, 2000 at 10:32:05PM -0400, Rory Savage wrote:
>
> > I wish there was an `Exploit Ease Reference Level`, so when one posts an
> > exploit, they would also post an `Easebility` level to let others know
> > if it's an easy trick, or a drawn-out project that involves a lot of
> > time.  This is just a suggestion, but I think it would really work out well,
>
> Such `Exploit Easy Reference Level` could only be very rough. Some buffer
> overflows that look like they can be exploited easily turn out to be very
> difficult to exploit (example: qpopper 2.1.4r3 stack overflow on Linux).
> The other way round, sometimes there is a complex situation which can be
> reduced by a knowledgeable person to a fully working exploit (example:
> wuftpd 2.5.0 heap overflow, where 5 offsets can be reduced to just one).
>
> Hence it is difficult to set such a level before having dug into the
> situation. On the other hand, after you've checked for exploitability you
> can set such level, I agree. But what kind of "easebility" do you refer to?
> The one a user of the exploit has, the one the creator had or the one the
> creator thinks other people will have in understanding his work?
>
> > especially for these mailing lists. But I know I am farting in the wind
> > again... and nobody cares... but in a few months, somebody will steal my
> > idea anyway (and call it their own).
>
> The idea isn't new, for example in the NAI CyberCop handbook there is a
> great list with all checks CyberCop does together with a rating how popular
> and how difficult it is to exploit this vulnerability. Btw, I think, a
> knowledgeable reader of this mailing list might have a rough impression
> of the difficulty after having checked out the situation for a couple
> of minutes. For the really wicked tricks used in exploits the reader has
> to check the exploit's comments anyway in case he understands them.
>
> And for the others such a rating is confusing because it still
> doesn't tell anything about whether this is really a "ready-for-script-kid"
> exploit.
>
> > In fact, I just might draft up a proposal... and see that the `scene`
> > think about it.
>
> I'd like to read that :-)
>
> > Cheers!
> > Rory Savage
>
> ciao,
> scut
>
> --
> - scut () nb in-berlin de - http://nb.in-berlin.de/scut/ --- you don't need a --
> -- lot of people to be great, you need a few great to be the best ------------
> http://3261000594/scut/pgp - 5453 AC95 1E02 FDA7 50D2 A42D 427E 6DEF 745A 8E07
> -- data in VK/USA Mayfly experienced, awaiting transfer location, hi echelon -
