Re: On classifying attacks

To: Derek Martin <code@xxxxxxxxxxxxxx>
Subject: Re: On classifying attacks
From: Godwin Stewart <gstewart@xxxxxxxxxxx>
Date: Sun, 17 Jul 2005 11:41:54 +0200
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20050716164029.GA26195@xxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20050715023930.GE23576@xxxxxxxxxx> <DFE4F2E1-38F5-475A-A9E1-B151C1556C84@xxxxxxx> <20050716164029.GA26195@xxxxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 16 Jul 2005 12:40:29 -0400, Derek Martin <code@xxxxxxxxxxxxxx> wrote:

> It seems to me your statement can't be correct, because this is ALWAYS
> the case.  A local exploit requires that a local user run an
> executable.  A remote exploit requires that a local user run an
> executable, even if that is accomplished merely by booting the system.
> All exploits require running code, and code doesn't magically start
> itself...  Running code is required, because it is the very running
> code which is being exploited.

Maybe so, however with the case of the BIND attack, the vulnerability in
locally running code (named) is being exploited by a remote attacker via the
network.

In the case of an e-mail containing malicious code, the code being exploited
(parts of the Windows kernel or whatever) is being attacked by code running
locally - on the *same* machine. In this sense it can hardly qualify as a
"remote" exploit.

- -- 
G. Stewart - gstewart@xxxxxxxxxxx

A lot of money is tainted.   'Taint yours and 'taint mine.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC2ifiK5oiGLo9AcYRAswqAJ9lPxLOVO45WpnKxWEYva41HSbnrwCfdkGT
fEc+qbBBB4LKkzeR5bKMikg=
=yzAH
-----END PGP SIGNATURE-----

References:
- On classifying attacks
  - From: Derek Martin
- Re: On classifying attacks
  - From: James Longstreet
- Re: On classifying attacks
  - From: Derek Martin

Prev by Date: [SECURITY] [DSA 759-1] New phppgadmin packages fix directory traversal vulnerability
Next by Date: NTLM HTTP Authentication is insecure by design - a new writeup by Amit Klein
Previous by thread: Re: On classifying attacks
Next by thread: Re: On classifying attacks
Index(es):
- Date
- Thread