Long-lived security holes
Posted Jun 24, 2004 13:41 UTC (Thu) by DaveK
In reply to: Long-lived security holes
Parent article: Long-lived security holes
Is there really any such thing as a truly local only security hole?
Imagine that a user views a file using their usual viewer for that file type, which is vulnerable to what would be classified as a locally exploitable buffer overrun (say) and allows either arbitrary code execution or privilege escalation.
If the user views a suitably crafted 'contaminated' file from an external source that is able to escalate its privileges or execute code, then this comes very close to a remote vulnerability - especially if the program is piped email attachments, or perhaps something by a browser that it can't display internally - 'the UNIX way'.
This becomes more acute the more 'public access' the system is, and the chances of the vulnerability being triggered maliciously increase.
IMHO there are 2 classes of vulnerabilities:
1) Those that allow arbitrary code execution or privilege escalation.
2) Those that cause the affected process to exit or hang without escalation or arbitrary code execution.
The first kind could be considered 'compromise capable' and the second 'annoying'.