Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
GLSA's listed as remote but only locally exploitable
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
mikegpitt
Advocate
Advocate


Joined: 22 May 2004
Posts: 3221

PostPosted: Fri Mar 28, 2014 2:11 pm    Post subject: GLSA's listed as remote but only locally exploitable Reply with quote

Question for everyone. Why are some GLSA's marked as remotely exploitable, even when they are only locally exploitable? A good example is the latest GLSA for grep: http://www.gentoo.org/security/en/glsa/glsa-201403-07.xml

If a remote attacker requires the user to run something locally, this is a local exploit -- at least that would be my definition. In fact, this is what the reference CVE also states.

I've noticed this in many GLSA's over the years.

This isn't a rant... just wanted to discuss. Maybe future GLSA's should be interpreted different?
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 7051
Location: almost Mile High in the USA

PostPosted: Fri Mar 28, 2014 9:23 pm    Post subject: Reply with quote

I think the difference between remote and local is kind of unclear. My take is that if someone can craft something that can the machine can run during normal operation so that they now can have access to the system, this is remote exploit.

If in order to execute the exploit someone needs to already have an account and usually to escalate privileges, then this would be a local exploit.

With grep it's not so clear but the exploiter does NOT have access to the system and thus is "remote". It's not local as the person running grep already has access to the machine and, well, you're not actually getting higher privileges with the exploit. If running the exploit makes grep suddenly give you root access (or crash the machine), then I'd call that a local exploit.

http://en.wikipedia.org/wiki/Exploit_%28computer_security%29

I guess if one could think of it this way, if you had an apache CGI that ran grep and someone could craft something to gain rights as the apache user of the affected webserver... now that is more clearly a "Remote" exploit, hence that's why it's classified as remote.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum