Paco Hope wrote:

> Somebody's gotta come up with a reasonable definition of "remotely
> exploitable."

Agreed; this lack of an agreed-upon vocabulary is the cause of all sorts of misunderstandings that don't make the news. These days, with everything networked, I'm not sure proximity is usually a meaningful distinction, so "local" and "remote" aren't useful terms. In my experience, many people tend to use the term "remote" to mean "no prior account access", while "local" tends to be used to mean "privilege escalation" (an existing account is required to take advantage of the flaw).

Brain droppings: It seems to me that there are at least three different dimensions of unauthorized access.

Interactivity:

  1. Gaining access to some security context by means of social engineering or predictable user behavior.
  2. Gaining access to some security context without user interaction or social engineering.

Proximity:

  a. Gaining privilege access by means of physical access, or
  b. Gaining privilege access over a network.

Level:

  I. Gaining access to an interesting, but "unprivileged", context, or
  II. Gaining access to a privileged "system" context.

So what's usually called a "remote root exploit" is an event with characteristics 2, b, and II.

Therefore, is a browser bug a "remote" exploit? Well, yes, strictly speaking; the author didn't need physical access to run it. However, it is also interactive and gains only a user context (which on some poorly configured systems might mean system privilege, but that's beside the point).

As Paco points out, an "exploit" which is interactive and gains only the context granted by the (presumably ignorant) user isn't necessarily an "exploit", or even a technical problem, though it might grant the malware access to an actual flaw that will allow escalation.

--
David Talkington
[EMAIL PROTECTED]