About  Contact  FAQ  PGP Key  Privacy

[Introduction] [Vulnerability ex1] [Vulnerability ex2] [Port Map] [Graphics] [Proof of Concept] [Report Key]

Implications: The specific threat posed by a vulnerability

A security problem in a computer system can pose many different risks. Some problems are more serious than others; while all problems should be considered in an audit, it is more important that the most serious and far-reaching vulnerabilities be addressed before the minor ones. TigerTeam breaks the implications of a vulnerability down into several different categories, each of which represents an aspect of a computer system threatened by a security vulnerability.

System Integrity: Some security problems threaten all the operations of a computer system, by allowing an attacker to obtain complete control of it's functioning. These problems include attacks that grant a remote attacker shell access to the system (or the ability to execute arbitrary commands) and the ability to modify arbitrary files on the system (and thus reconfigure it).

Confidentiality: Many computer systems store information that is highly sensitive, due to user privacy requirements (such as the secure storage of personal communications in electronic mail) or organizational secrecy requirements (such as private financial data or proprietary software). Threats to confidentiality allow an attacker to gain access to this information illicitly.

Availability: "Availability" is the general computer security goal of keeping a computer system "available" to it's legitimate users --- up and running smoothly and with reasonable, expected performance. Attacks that compromise the availability of a system are more widely referred to as "Denial of Service" attacks.

Accountability: Most computer systems have some type of logging capability that at least potentially allows the actions of an attacker to be traced back to their source. Systems that put a name to the activities of system users are said to provide "accountability". Because accountability acts as a deterrant to attacks (which are usually illegal), disabling these capabilities is often a priority for attackers.

Authorization: Most users of computer systems have a limited amount of access to those systems; they can perform their own work, and work within their groups, but cannot directly manage the operation of the entire system. The mechanisms used to limit users to appropriate activities track the "authorization" of those activities.

Data Integrity: Most users of computer systems assume that the data maintained by those systems is accurate and authentic. This can be extemely important for many applications, in which incorrect information can be legally, financially, or even medically disastrous. Attacks which attempt to illicitly modify information on a computer system are said to target the integrity of it's data.

Intelligence:Attackers often collect information about targetted systems before actually attempting to break in; information gathered by an attacker prior to a breakin attempt often greatly increases the odds of a successful intrusion, and, more importantly, amplifies the rewards made available by an attack. Attacks which involve the collection of information from a system prior to actual intrusion are said to impact "intelligence".

Popularity: The likelihood that a vulnerability will be exploited

It is important to understand that all attackers are not equally capable. The presence of obscure, complicated vulnerabilities may not be a strong indicator that a system has already been compromised; however, the presence of well known, widely exploited problems may be an immediate cause for alarm.

Obscure: The attack is not widely known, or, more importantly, the information needed to exploit the problem is not widely available. The problem may affect a service that is not well understood, or may require knowledge not often maintained by casual attackers (such as the advanced mathematics needed to invent a cryptographic attack).

Widespread: The attack has been published and is widely known to attackers. However, the relative rarity of vulnerable systems or the difficulty involved in exploiting the problem prevents it from representing a likely first avenue of attack on a system.

Popular: The attack has been published, often in computer underground publications or on widely-read "hacker" newsgroups, and is used often by neophyte attackers and by automated attacker tools. It is not unlikely that the system's vulnerability has been discovered by an attacker casually scanning large numbers of arbitrary addresses for vulnerable hosts.

Complexity: The difficulty involved in exploiting a vulnerability

Some attacks against computer systems are more complicated than others; exploiting a vulnerability in a WWW CGI program may involve merely inserting a "magic" character in form field, while other attacks may require a carefully coordinated series of interactions with obscure network services. Unfortunately, the complexity of an attack has more of an effect on the likelihood of it being defended against, rather than the likelihood of it being used by an attacker (who is probably wielding an arsenal of complex attacks to leverage against a computer system). Ironically, the most complex attacks are often the most popular.

Low: The attack can be executed by an unskilled attacker without any special tools (perhaps by using standard Unix utilities, or by using their web browser). The problem may be obvious even to someone who is not familiar with the issues involved in computer security.

Medium: A special-purpose software tool is required to exploit this problem; this tool is probably quite easy to use and understand by a neophyte hacker, but exploitation of this problem may be out of the reach of individuals that are not familiar with the security community or the hacker underground.

High: Exploitation of this problem requires exploit code, which is difficult to write and may require access to specific types of computer systems. Actually using this tool may require specific knowledge of the vulnerability and the system on which it is present.

Root Cause: The underlying cause of a vulnerability

Many security problems can be avoided, proactively, by maintaining security awareness in the planning and design stages of network engineering. Others may be the result of poor operational practice (perhaps due to network administration lacking focus on security). Identifying the root causes of the vulnerabilities discovered in a network allows patterns of vulnerability to be identified.

Misconfiguration: The vulnerability exists because a component of the system was configured insecurely. Available access control mechanisms (such as password authentication for routers) have not been enabled, default configuration values remain present (default SNMP communities are still in place, for instance), or extensions have been made to the system that violate security.

Software Implementation Problems: The vulnerability exists due to a bug in a program deployed in the system. Prior to the initial discovery of this security problem, there was no way for an organization to be aware of this problem, and, unless the vulnerable software is removed or restricted from normal users, the only way to fix the problem is to apply vendor patches.

Insecure Design: The vulnerability exists because the service implemented by the problematic software is fundementally insecure, the design of the software neglects security concerns, or the protocol implemented by the software is inadequate. Similar software solutions for this service may have equivalent vulnerabilities, and there may not be any obvious way to defend against the threat without disabling the service provided by the vulnerable software.

Ease of Resolution: The simplicity of fixing a vulnerability

When faced with a large number of serious vulnerabilities, it is important that security problems be solved as efficiently as possible. Because some problems are easier to solve than others, quickly addressing the easy problems first may rapidly increase the security of a vulnerable system. Additionally, fixing some problems poses risks of disrupting services, and resolution for those problems may thus require careful scheduling.

Trivial: The problem can be resolved quickly and without risk of disruption by reconfiguration of vulnerable software.

Simple: The problem might be solved by significant reconfiguration of the vulnerable system, or by a vendor patch. Minimal risk of disruption to services is present, but conscientious immediate effort to resolve the problem is reasonable.

Moderate: The problem requires a vendor patch to solve and presents a significant risk of service disruption. It is possible that resolution of this problem may require an upgrade to a substantially different version of software, or that the reconfiguration required to solve the problem has far-reaching impact on legitimate users.

Difficult: The problem requires either an obscure, hard-to-find vendor patch to resolve, or requires manual source code editing to fix. Great risk of service disruption makes it impractical to solve this problem for mission critical systems without careful scheduling.

Infeasable: This problem is due to a design-level flaw, and cannot be resolved by patching or reconfiguring vulnerable software. It is possible that the only way to address this problem is to cease using the vulnerable software or protocol, or to isolate it from the rest of the network and eliminate reliance on it completely.

Please read our instructions before sending files or payments.