[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Survey: Use of Same Attack/Same Codebase content decision in VDB's

On Thu, Jul 01, 1999 at 10:52:24AM -0700, Proctor, Paul wrote:
> Basically, vulnerabilities are primarily system-based and should be
> addressed by system level IDS (in most, not all cases).  Any given
> vulnerabilty can be detected by multiple signatures.  For example the
> Cybersafe Centrax product has a signature on NT to detect a base-class of
> attack exploited by sec-hole and getadmin.  These are different attacks
> exploiting the same hole (unauthorized addition of a user to the
> administrator's group).  My view is that all three are CVE worthy.  1)
> sechole, 2) getadmin, 3) unauthorized addition of a user to the
> administrator's group.  1 and 2 are published exploits.  3 is sure to be
> used by other attacks in the future.

I disagree. 3 is not a vulnerability, it is the result or impact of one.
As such it should not be listed in the CVE. Should we add a CVE entry
for adding a backdoor root user to the password file or a .rhost + +
file? I don't belive so.

> Paul
> 
> *************************************************************
> Paul E. Proctor
> Senior Scientist
> Corporate Technology - Cybersafe Corporation
> 6363 Greenwich Drive, Suite 150
> San Diego, CA 92122
> Tel: (Direct) +619-546-2400 x312; Fax: +619-546-0590
> Email: paul.proctor@cybersafe.com
> *************************************************************
> 

-- 
Aleph One / aleph1@underground.org
http://underground.org/
KeyID 1024/948FD6B5 
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01
Page Last Updated or Reviewed: May 22, 2007