Thursday, February 01, 2007

Quiet reporting of loud vulnerabilities

Did you happen to catch the Solaris ICMP DOS vulnerability? If you're like me, you found out second hand from the ISC Handlers Diary. I have since found an entry about it on SecurityFocus and on CERT. From the advisory Sun produced, I think it's safe to say that when exploited, this vulnerability causes your box to go down, and go down hard. The stack trace Sun provided gives some clue, but not much, and I don't have a Sun box to go poking around on to find out exactly how to trigger it.

Vulnerabilities like this are why I don't like classifying vulnerabilities by 'Remote DOS' alone. First of all, there is a difference between a Remote DOS vulnerability where the attacker must first 'establish a TCP connection, authenticate and then bring down the box' and a 'spoofed ICMP packet = death of your box' vulnerability. The people at CERT correctly slapped 'unauthenticated attacker' on their advisory. Access to information is important, especially on critical systems. The fact that a random anonymous person can deny you legitimate access to your information from anywhere is _bad_. While it's not the same as that random person having access to that information, it should still be considered a vulnerability of concern.
