[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
Re: Survey: Use of Same Attack/Same Codebase content decision in VDB's
On Thu, Jul 01, 1999 at 10:52:24AM -0700, Proctor, Paul wrote:
> Basically, vulnerabilities are primarily system-based and should be
> addressed by system level IDS (in most, not all cases). Any given
> vulnerabilty can be detected by multiple signatures. For example the
> Cybersafe Centrax product has a signature on NT to detect a base-class of
> attack exploited by sec-hole and getadmin. These are different attacks
> exploiting the same hole (unauthorized addition of a user to the
> administrator's group). My view is that all three are CVE worthy. 1)
> sechole, 2) getadmin, 3) unauthorized addition of a user to the
> administrator's group. 1 and 2 are published exploits. 3 is sure to be
> used by other attacks in the future.
I disagree. 3 is not a vulnerability, it is the result or impact of one.
As such it should not be listed in the CVE. Should we add a CVE entry
for adding a backdoor root user to the password file or a .rhost + +
file? I don't belive so.
> Paul
>
> *************************************************************
> Paul E. Proctor
> Senior Scientist
> Corporate Technology - Cybersafe Corporation
> 6363 Greenwich Drive, Suite 150
> San Diego, CA 92122
> Tel: (Direct) +619-546-2400 x312; Fax: +619-546-0590
> Email: paul.proctor@cybersafe.com
> *************************************************************
>
--
Aleph One / aleph1@underground.org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01