Bitten by old bugs

Posted Aug 14, 2003 6:17 UTC (Thu) by proski (subscriber, #104)
In reply to: Bitten by old bugs by ncm
Parent article: Bitten by old bugs

While the majority of bugs probably turn out not to have been exploitable, it's remarkable how many are.
However, the attacker needs only very specific vulnerabilities. If the attacker has no local account, s/he needs a remote exploit. Many holes require social engineering to be exploited - they may be useless against smart users. Most software is not directly listening to the ports - it needs to be run by other software or by one of the users (often by root). Double free in a piece of software that nobody runs on untrusted data is useless.
The ready supply of old bugs is probably also the reason that we have so rarely seen attacks on code repositories such as just happened to the FSF's ftp site.
As far as I know, it was a brand new bug that didn't have a fix released at the time it was exploited.


Bitten by old bugs

Posted Aug 14, 2003 16:13 UTC (Thu) by ncm (subscriber, #165)

Libraries used by programs that do keep open ports are rarely treated with the same care as those programs, even though they contribute equally to vulnerability. Also, programs running at reduced privilege are not treated as seriously even though vulnerabilities there lead to local shell access and to the much richer exploit opportunities available that way.

The FSF ftp server compromise occurred not because a new hole opened up, but because somebody found a hole that was there and used it. Probably there are dozens more, and it might have happened dozens of times before, but not so many people are interested yet. As it is, the best that can be done is to reduce the number of people who have logins.
