About Secunia Advisories
Explanation of terms used within Secunia Advisories.

From (Attack vector)
Local system
"Local system" describes vulnerabilities where the attack vector requires that the attacker is a local user on the system.

From local network
"From local network" describes vulnerabilities where the attack vector requires that an attacker is situated on the same network as a vulnerable system (not necessarily a LAN).

This category covers vulnerabilities in certain services (e.g. DHCP, RPC, administrative services) that should not be accessible from the Internet, but only from a local network and optionally a restricted set of external systems.

From remote
"From remote" describes other vulnerabilities where the attack vector doesn't require access to the system or a local network.

This category covers services that are acceptable to expose to the Internet (e.g. HTTP, HTTPS, SMTP). It also covers client applications used on the Internet and certain vulnerabilities where it is reasonable to assume that a security-conscious user can be tricked into performing certain actions.


Criticality
Extremely Critical (5 of 5):

Typically used for remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction, and exploits are in the wild.

These vulnerabilities can exist in services like FTP, HTTP, and SMTP or in certain client systems like email programs or browsers.

Highly Critical (4 of 5):

Typically used for remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction, but there are no known exploits available at the time of disclosure.

Such vulnerabilities can exist in services like FTP, HTTP, and SMTP or in client systems like email programs or browsers.

Moderately Critical (3 of 5):

Typically used for remotely exploitable Denial of Service vulnerabilities against services like FTP, HTTP, and SMTP, and for vulnerabilities that allow system compromises but require user interaction.

This rating is also used for vulnerabilities allowing system compromise on LANs in services like SMB, RPC, NFS, LPD and similar services that are not intended for use over the Internet.

Less Critical (2 of 5):

Typically used for cross-site scripting vulnerabilities and privilege escalation vulnerabilities.

This rating is also used for vulnerabilities allowing exposure of sensitive data to local users.

Not Critical (1 of 5):

Typically used for very limited privilege escalation vulnerabilities and locally exploitable Denial of Service vulnerabilities.

This rating is also used for non-sensitive system information disclosure vulnerabilities (e.g. remote disclosure of installation path of applications).


Impact
Brute force
Used in cases where an application or algorithm allows an attacker to guess passwords easily.

Cross-Site Scripting
Cross-Site Scripting vulnerabilities allow a third party to manipulate the content or behaviour of a web application in a user's browser, without compromising the underlying system.

Different Cross-Site Scripting-related vulnerabilities are also classified under this category, including "script insertion" and "cross-site request forgery".

Cross-Site Scripting vulnerabilities are often used against specific users of a website to steal their credentials or to conduct spoofing attacks.

DoS (Denial of Service)
This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.

Exposure of sensitive information
Vulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote.

Exposure of system information
Vulnerabilities where excessive information about the system (e.g. version numbers, running services, installation paths, and similar) is exposed and can be revealed from remote and in some cases locally.

Hijacking
This covers vulnerabilities where a user session or a communication channel can be taken over by other users or remote attackers.

Manipulation of data
This includes vulnerabilities where a user or a remote attacker can manipulate local data on a system, but not necessarily be able to gain escalated privileges or system access.

The most frequent type of vulnerability with this impact is SQL injection, where a malicious user or person can manipulate SQL queries.

Privilege escalation
This covers vulnerabilities where a user is able to conduct certain tasks with the privileges of other users or administrative users.

This typically includes cases where a local user on a client or server system can gain access to the administrator or root account, thus taking full control of the system.

Security Bypass
This covers vulnerabilities or security issues where malicious users or people can bypass certain security mechanisms of the application.

The actual impact varies significantly depending on the design and purpose of the affected application.

Spoofing
This covers various vulnerabilities where it is possible for malicious users or people to impersonate other users or systems.

System access
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Unknown
Covers various weaknesses, security issues, and vulnerabilities not covered by the other impact types, or where the impact isn't known due to insufficient information from vendors and researchers.


Other
Other frequently used terms:
The term "users" generally refers to users authenticated to the operating system or the affected application. This includes anonymous users when talking about FTP and similar.

The term "people" generally refers to people who are able to make network connections but who aren't authenticated.