Re: Public disclosure of discovered vulnerabilities


sci.crypt archive


From: Anne & Lynn Wheeler <lynn@garlic.com>
Date: Sun Jun 12 2005 - 22:57:02 CEST

obie <anonymous@panta-rhei.dyndns.org> writes:
> I didn't mean to imply it was perfect, I asked if anyone knew of a
> currently valid local root exploit.

some analysis spring 2004
http://www.garlic.com/~lynn/2004e.html#43 security taxonomy and CVE

of the CVE database
http://cve.mitre.org/

of some simple stuff from the cve description.

I've had a couple conversations with the cve people about some
variability in the descriptions ... sometimes describing cause,
sometimes describing results, sometimes giving both. they claimed that
they are now trying to provide more uniform structure in the
descriptions.

from analysis last spring ... mostly simple count of CVE entries with
specific word or word-pairs.

....

1246 mentioned remote attack or attacker
 570 mentioned denial of service
 520 mentioned buffer overflow
     105 of the buffer overflow were also denial of service
      76 of the buffer overflow were also gain root

some counts of items that mention root
root access 87
root privileges 151
gain root 183
root 294

doesn't say root ... but
gain privileges 187

past posts with similar references:
http://www.garlic.com/~lynn/aadsm18.htm#10 E-commerce attack imminent; Sudden increase in port scanning for SSL doesn't look good
http://www.garlic.com/~lynn/2004f.html#20 Why does Windows allow Worms?
http://www.garlic.com/~lynn/2004h.html#2 Adventure game (was:PL/? History (was Hercules))
http://www.garlic.com/~lynn/2004j.html#37 Vintage computers are better than modern crap !
http://www.garlic.com/~lynn/2004j.html#58 Vintage computers are better than modern crap !
http://www.garlic.com/~lynn/2004q.html#74 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005c.html#28 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005d.html#0 [Lit.] Buffer overruns

-- 
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
Received on Thu Sep 29 21:43:24 2005
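
The kind of word and word-pair count described in the message above, as an added example that is not part of the original post or its author's analysis code. The sample descriptions and `EXAMPLE-` ids are constructed, and the regular expressions are assumptions about how such phrases could be matched (whole words only, so "chroot" is not counted as "root", and whitespace collapsed so a phrase split by a line wrap still matches).

```python
import re

# Constructed sample descriptions (not real CVE entries), mixing cause and
# result wording the way the post says the descriptions do.
SAMPLE = {
    "EXAMPLE-0001": "Buffer overflow in exampled allows remote attackers to cause a denial of service.",
    "EXAMPLE-0002": "Buffer overflow in the foo utility allows local users to gain root\nprivileges.",
    "EXAMPLE-0003": "The bar daemon allows remote attackers to gain privileges via a crafted request.",
    "EXAMPLE-0004": "baz does not drop privileges after chroot, which allows local users to read files.",
    "EXAMPLE-0005": "Format string flaw in qux allows a remote attacker to obtain root access.",
}

# Label -> pattern (assumed matching rules, not taken from the post).
PATTERNS = {
    "remote attack or attacker": r"remote attack(?:s|er|ers)?",
    "denial of service": r"denial of service",
    "buffer overflow": r"buffer overflows?",
    "root access": r"root access",
    "root privileges": r"root privileges",
    "gain root": r"gain root",
    "root": r"root",
    "gain privileges": r"gain privileges",
}
COMPILED = {label: re.compile(r"\b(?:%s)\b" % p) for label, p in PATTERNS.items()}

def normalize(text):
    """Lower-case and collapse whitespace so phrases match across line wraps."""
    return " ".join(text.lower().split())

def tag(entries):
    """Map each label to the set of entry ids whose description mentions it."""
    hits = {label: set() for label in COMPILED}
    for entry_id, description in entries.items():
        text = normalize(description)
        for label, rx in COMPILED.items():
            if rx.search(text):
                hits[label].add(entry_id)
    return hits

def overlap(hits, a, b):
    """Entries counted under both labels (e.g. buffer overflow and denial of service)."""
    return hits[a] & hits[b]

if __name__ == "__main__":
    hits = tag(SAMPLE)
    for label, ids in hits.items():
        print(f"{len(ids):5d} mentioned {label}")
    for a, b in [("buffer overflow", "denial of service"), ("buffer overflow", "gain root")]:
        print(f"{len(overlap(hits, a, b)):9d} of the {a} were also {b}")
```

Because the labels overlap (every "gain root" entry is also a "root" entry), the per-label counts cannot be summed into a total; the sets returned by `tag` keep that visible.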