Vulnerability Development mailing list archives

Remote vs Local vulnerabilities (Was: Re: [VULN-DEV] ping -i (TTL) Vulnerability)


From: syzop <syz () DDS NL>
Date: Fri, 23 Feb 2001 16:43:21 +0100

-No Strezzz Cazzz wrote:
-- snip --

I thought that when a bug could get triggered from a remote location the bug
itself is considered a remote-bug. In this case it's a remote as well as a
local bug. I want a p0ny...

No, the IIS unicode bug is a remote one,
the ping -i a local one (_if_ you call it a bug [which I don't, also see rpc's answer]).

A remote bug (or remotely exploitable bug) is a bug which lets you do 'nasty things'
from a remote location like executing code, crashing a program, etc.

A local bug is a bug which lets you do 'nasty things' by doing something at the
box locally (for example: overflowing some buffer in a suid root program by
carefully crafted parameters and gaining a root shell).
You are only able to exploit a local vulnerability when you have a shell,
like an account, or, as you described, by using a remote vulnerability to exploit a
local vulnerability.
Another (well known) example of such a combination is using the
(remote) IIS unicode bug combined with the (local) IIS asp bug [iishack 1.5].

    Syzop.

