|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Survey: Use of Same Attack/Same Codebase content decision in VDB's
On Thu, Jul 01, 1999 at 10:52:24AM -0700, Proctor, Paul wrote: > Basically, vulnerabilities are primarily system-based and should be > addressed by system level IDS (in most, not all cases). Any given > vulnerabilty can be detected by multiple signatures. For example the > Cybersafe Centrax product has a signature on NT to detect a base-class of > attack exploited by sec-hole and getadmin. These are different attacks > exploiting the same hole (unauthorized addition of a user to the > administrator's group). My view is that all three are CVE worthy. 1) > sechole, 2) getadmin, 3) unauthorized addition of a user to the > administrator's group. 1 and 2 are published exploits. 3 is sure to be > used by other attacks in the future. I disagree. 3 is not a vulnerability, it is the result or impact of one. As such it should not be listed in the CVE. Should we add a CVE entry for adding a backdoor root user to the password file or a .rhost + + file? I don't belive so. > Paul > > ************************************************************* > Paul E. Proctor > Senior Scientist > Corporate Technology - Cybersafe Corporation > 6363 Greenwich Drive, Suite 150 > San Diego, CA 92122 > Tel: (Direct) +619-546-2400 x312; Fax: +619-546-0590 > Email: paul.proctor@cybersafe.com > ************************************************************* > -- Aleph One / aleph1@underground.org http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
|
||||
