<<< Date Index >>>     <<< Thread Index >>>

unreliable vulnerability reports en-masee [was:Re: vulnerability in Symantec products]



On Fri, 27 Oct 2006 jay.tomas@xxxxxxxxxxxxxxx wrote:
> Ummm are you for real? You are posting this as a vulnerability?
> 
> Chances are if they have trojaned or gained priviledged access to your 
> workstation it shouldnt be
> to much trouble to alter config of firewall or skirt outbound connectivity.
> 
> Unwise default config, perhaps. Vulnerability ... naah.

Jay, a few months ago someone published a DoS vulnerability that is
triggered when "you run out of hard disk space". Pfft.

Nothing really surprises me anymore. The quality of advisories and QA
people do seems to be dropping, especially when it comes to File
Inclusions. The level of false positives posted in the last couple of
weeks is staggering.

Folks use Google Code Search to find vulns, and don't notice they are
fixed 3 lines above the "bug" and that three lines below, there is
another one.

Last week, one of these File Inclusion vulns worked only if you disabled
two security functions that work by default...

Str0ke from milw0rm (= one of the only places, with SecuriTeam, where you
can find a free and public exploit code, so they go over all of these much
like we at SecuriTeam do).
Str0ke recently spoke of how this is becoming an issue, and how all these
exploits have to be verified on systems non of us have, while little to no
research went into them to begin with.

Up to this day, vulnerabilities and exploits would be researched to a
level, and released AS-IS. This is fast becoming impracticle.

Noam, at SecuriTeam wrote a blog entry on much the same, with code samples
(that go on in the comments) called "5 minutes of glory".

http://blogs.securiteam.com/index.php/archives/700

If the S/N ratio of ADVISORIES rather than ML traffic becomes even lower
due to unreliable submissions, our jobs will indeed become much, much harder.

        Gadi.

> 
> Jay