On Thu, Jul 14, 2005 at 10:48:55AM -0600, Charles Cazabon wrote:
> Derek Martin <invalid@xxxxxxxxxxxxxx> wrote:
> > While I have doubts that "remotely exploitable" is being used fairly here,
>
> I'm not sure what you meant by this. It's entirely possible that a
> bug in mutt code (buffer overflow, etc) would allow an attacker to
> craft a message to exploit that bug and run a payload as you when
> you view that message. If that payload is `sh -c 'rm -rf $HOME'` or
> equivalent, I think you'd call that a "remotely exploitable"
> security problem.

No, I wouldn't. It's no more "remotely exploitable" than if I handed you
a disk, said, "run the program on this," and you did -- resulting in the
destruction of your hard drive.

The attack you describe is a passive attack, triggered by you viewing the
message (or its headers). It is not a remote exploit; the attack occurs
once the data is already on the local system, and is triggered by the
user. That's not a remote exploit, because nothing I can do sitting at my
computer will trigger the exploit on yours... It is only triggered once
you do something, on the local machine. It is a local exploit, which just
happens to have been delivered to you over a network.

I could send you the same message from the console of the same
computer... Is it a remote attack then? The payload never existed
anywhere other than the local machine.

Your example was precisely what I was talking about. If you want to
stick to your definition of remote exploit, then every compromise is a
remote exploit, because the data which results in the compromise always
originates somewhere other than on the system... even if it is in the
mind of an attacker who is typing it in at the system console.

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will
result in undeliverable mail. Sorry for the inconvenience. Thank the
spammers.