Vulnerability Development mailing list archives
Remote vs Local vulnerabilities (Was: Re: [VULN-DEV] ping -i (TTL) Vulnerability)
From: syzop <syz () DDS NL>
Date: Fri, 23 Feb 2001 16:43:21 +0100
-No Strezzz Cazzz wrote: -- snip --
I thought that when a bug could get triggered from a remote location the bug itself is considered a remote-bug. In this case its a remote aswell as a local bug. I want a p0ny...
No, the IIS unicode bug is a remote one, the ping -i a local one (_if_ you call it a bug [which I don't, also see rpc's answer]). A remote bug (or remotely exploitable bug) is a bug which let you do 'nasty things' from a remote location like executing code, crashing a program, etc etc. A local bug is a bug which let you do 'nasty things' by doing something at the box locally (for example: overflowing some buffer in a suid root program by carefully crafted parameters and gaining a root shell). You are only able to exploit a local vulnerability when you have a shell; like an account, or, as you described, to use a remote vulnerability to exploit a local vulnerability. Another (well known) example of such a combination is using the (remote) IIS unicode bug combined with the (local) IIS asp bug [iishack 1.5]. Syzop.
Current thread:
- Re: ping -i (TTL) Vulnerability, (continued)
- Re: ping -i (TTL) Vulnerability erasor (Feb 21)
- Re: ping -i (TTL) Vulnerability Knud Erik Højgaard - CyberCity Support (Feb 22)
- Re: ping -i (TTL) Vulnerability Jeff Oliver (Feb 21)
- Re: ping -i (TTL) Vulnerability Niels Vaes (Feb 21)
- Re: ping -i (TTL) Vulnerability Mark Villanova (Feb 21)
- Re: ping -i (TTL) Vulnerability Leo R. Lundgren (Feb 21)
- Re: ping -i (TTL) Vulnerability Reverend Lola (Feb 21)
- Re: ping -i (TTL) Vulnerability rpc (Feb 22)
- Re: ping -i (TTL) Vulnerability Reddog Hummer (Feb 22)
- Re: ping -i (TTL) Vulnerability -No Strezzz Cazzz (Feb 22)
- Remote vs Local vulnerabilities (Was: Re: [VULN-DEV] ping -i (TTL) Vulnerability) syzop (Feb 23)