Re: PROPOSAL: Cluster 20 - DESIGN (27 candidates)
Marc Dacier said:

>Let's consider the '.forward' example. It's a feature that you might
>want to use. Its behaviour is well-known. It's not, if I understand
>you correctly, a vulnerability by itself. Though, it becomes a
>vulnerability if I can create or modify one where you were not
>expecting to find one (e.g. well known attacks using ftp + .forward, or
>uucp+.forward, ..)
>
>Is the '.forward' the vulnerability? On the contrary, should we have a CVE
>entry for each 'misuse' of the '.forward'? Should we see this as a
>misconfiguration problem for ftp, uucp ... What about .forward that are
>left as backdoors by bad guys ...

Most of these issues will be discussed in later clusters (recording each "misuse" of .forward in each different service, .forward left as a backdoor). Another topic for later discussion is the appropriate level of abstraction for this sort of problem.

If root's .forward is writable by anyone, then that allows Leveraged access (and is a violation of a "Universal policy"), so it should be included in the CVE (or at the very least, as an instance of some CVE vulnerability). In the case where a user just *has* a .forward but it's not writable by anyone else, that's not a violation of most typical Conditional policies. Therefore the simple *use* of .forward should not be covered by the CVE.

- Steve
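The distinction drawn in the message above (a .forward that others can write versus one that is merely in use) can be checked mechanically. The following is an added example, not part of the original message or of CVE; the function name `audit_forward` and the three result labels are hypothetical. It goes one step beyond the message by also flagging a home directory that others can write, since that lets them create a .forward where none was expected, and a .forward not owned by the account.

```python
import os
import pwd
import stat

LOOSE = stat.S_IWGRP | stat.S_IWOTH  # write bits held by anyone but the owner


def audit_forward(home):
    """Classify one home directory as 'absent', 'in-use' or 'exposed'."""
    try:
        home_st = os.stat(home)
    except FileNotFoundError:
        return "absent"
    try:
        # lstat: a symlinked .forward is judged as a link, not by its target
        fwd_st = os.lstat(os.path.join(home, ".forward"))
    except FileNotFoundError:
        fwd_st = None
    # Others can write the directory: they can create or replace .forward.
    if home_st.st_mode & LOOSE:
        return "exposed"
    if fwd_st is None:
        return "absent"
    # Not a plain file, not owned by the account, or writable by others.
    if (not stat.S_ISREG(fwd_st.st_mode)
            or fwd_st.st_uid != home_st.st_uid
            or fwd_st.st_mode & LOOSE):
        return "exposed"
    # Simple use of the feature: present, but only the owner controls it.
    return "in-use"


if __name__ == "__main__":
    # Walk every local account and report only the exposed ones.
    for entry in pwd.getpwall():
        try:
            state = audit_forward(entry.pw_dir)
        except OSError as exc:  # e.g. no permission to stat the directory
            print(f"{entry.pw_name}: skipped ({exc})")
            continue
        if state == "exposed":
            print(f"{entry.pw_name}: {entry.pw_dir}/.forward is exposed")
```

Run it with enough privilege to stat every home directory; accounts reported as "in-use" are not printed because simple use of the feature is not the problem being checked.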