
Re: What is a security bug?



On Wed, Nov 23, 2005 at 07:07:21PM +0100, Bernd Eckenfels wrote:
> In article <5B97FFB7F28E3E4294B049C968CBF47BE46E1B@SERVER-EX02A.INTERN.BBNED.NL> you wrote:
> > Well, obviously it is not a _security_ bug, since it has nothing to do
> > with security.
> ...

Without looking at the bug in detail you cannot tell for sure. A DoS
condition can become a remote exploit.

(...)

> However it doesn't matter, you are right: critical application crashes
> (especially if triggerable by untrusted peers) are critical enough to be
> fixed anyway. AND crashes often have the potential to be exploitable
> (stacksmashing?).

Indeed (to the last sentence). For a recent example, take a look at
CAN-2005-1790, which was a DoS condition for IE 5.5 and 6.x. It was initially
labeled as "DoS - low risk" and has later been found to be exploitable
and to allow for remote compromise:
http://www.computerterrorism.com/research/ie/ct21-11-2005

Regards

Javier
