[VIM] On classifying attacks (fwd)

security curmudgeon jericho at attrition.org
Fri Jul 15 15:11:37 EDT 2005

: Interesting.
: I *just* answered an e-mail from someone who asked why a vulnerability 
: in an image processor was "remote" when he didn't process images by 
: using networks.
: I think this example stretches the "Trojan horse" concept slightly, but 
: it's definitely thinking in the right direction.
: But what would the adjective version of "remote attacker" and "local 
: user" be in a Trojaned context?

I'm on site with a client so I can't dive into this post this second (but 
I want to!). I plan to give it more thought and probably reply tonight 
since this is a) a core issue with VDBs b) heavily discussed among the 
OSVDB mods and c) a major shortcoming of most classification systems 
including our own and CVSS.

So, more tonight =)

