[39693] in bugtraq
Re: On classifying attacks
daemon@ATHENA.MIT.EDU (Godwin Stewart)
Mon Jul 18 14:49:43 2005
Date: Sun, 17 Jul 2005 11:41:54 +0200
From: Godwin Stewart <gstewart@spamcop.net>
To: Derek Martin <code@pizzashack.org>
Cc: bugtraq@securityfocus.com
Message-Id: <20050717114154.281c41e4.gstewart@spamcop.net>
In-Reply-To: <20050716164029.GA26195@sophic.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, 16 Jul 2005 12:40:29 -0400, Derek Martin <code@pizzashack.org> wrote:
> It seems to me your statement can't be correct, because this is ALWAYS
> the case. A local exploit requires that a local user run an
> executable. A remote exploit requires that a local user run an
> executable, even if that is accomplished merely by booting the system.
> All exploits require running code, and code doesn't magically start
> itself... Running code is required, because it is the very running
> code which is being exploited.
Maybe so, however with the case of the BIND attack, the vulnerability in
locally running code (named) is being exploited by a remote attacker via the
network.
In the case of an e-mail containing malicious code, the code being exploited
(parts of the Windows kernel or whatever) is being attacked by code running
locally - on the *same* machine. In this sense it can hardly qualify as a
"remote" exploit.
- --
G. Stewart - gstewart@spamcop.net
A lot of money is tainted. 'Taint yours and 'taint mine.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFC2ifiK5oiGLo9AcYRAswqAJ9lPxLOVO45WpnKxWEYva41HSbnrwCfdkGT
fEc+qbBBB4LKkzeR5bKMikg=
=yzAH
-----END PGP SIGNATURE-----
