[VIM] On classifying attacks (fwd)
jericho at attrition.org
Fri Jul 15 15:11:37 EDT 2005
: I *just* answered an e-mail from someone who asked why a vulnerability
: in an image processor was "remote" when he didn't process images by
: using networks.
: I think this example stretches the "Trojan horse" concept slightly, but
: it's definitely thinking in the right direction.
: But what would the adjective version of "remote attacker" and "local
: user" be in a Trojaned context?
I'm on site with a client so I can't dive into this post this second (but
i want to!). I plan to give it more thought and probably reply tonight
since this is a) a core issue with VDBs b) heavily discussed among the
OSVDB mods and c) a major shortcoming of most classification systems
including our own and CVSS.
So, more tonight =)
More information about the VIM