Vulnerability (computing)
For a broader use of the term "vulnerability", please refer to Vulnerability.
In computing, the term vulnerability refers to a weakness in a system that allows an attacker to compromise the security of information or of an information system. It is also called a computer security flaw.
Vulnerabilities can result from a programming error or from a design weakness in the system. They may exist only in theory, or may have a known exploit. They become particularly significant when a program containing one of them runs with special privileges, when it provides authentication on a system, or when it provides access to sensitive data.
Causes
Vulnerabilities often come from the negligence or the incompetence of a programmer. There can be other causes related to the context. A vulnerability generally allows the attacker to deceive the application, for example by bypassing access control checks or by executing commands on the system hosting the application.
Some vulnerabilities occur when user input is not checked, allowing the execution of commands or SQL queries (known as SQL injection). Others come from programmer errors in checking the bounds of data buffers (which can then be overflowed), causing corruption of the stack memory (and thus allowing the execution of code supplied by the attacker).
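The unchecked-input case described above, shown as a vulnerable query beside its hardened form. This is an added example, not part of the original article; the table, the function names and the sample rows are constructed for illustration, and it covers only the SQL injection case, not the buffer overflow.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample notes for three owners."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO notes VALUES (?, ?)",
        [("alice", "alice's draft"), ("bob", "bob's list"), ("o'brien", "memo")],
    )
    return db

def notes_vulnerable(db, owner):
    """Unchecked input is pasted into the SQL text, so it can rewrite the query."""
    query = f"SELECT owner, body FROM notes WHERE owner = '{owner}'"
    return db.execute(query).fetchall()

def notes_hardened(db, owner):
    """A placeholder binds the input as a value; it is never parsed as SQL."""
    return db.execute(
        "SELECT owner, body FROM notes WHERE owner = ?", (owner,)
    ).fetchall()

def demo():
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input that carries SQL syntax
    leaked = notes_vulnerable(db, crafted)   # WHERE clause becomes always true
    blocked = notes_hardened(db, crafted)    # no owner has that literal name
    try:
        notes_vulnerable(db, "o'brien")      # a legitimate name breaks the query
        broke = False
    except sqlite3.OperationalError:
        broke = True
    return leaked, blocked, broke, notes_hardened(db, "o'brien")

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The same defect that exposes every owner's rows also makes the vulnerable version fail on an ordinary name containing an apostrophe, which is often the first visible symptom during testing.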
Publication of a vulnerability
Method of publication
How vulnerabilities should be published is a subject of debate within the information system security community. Some hold that all information about a vulnerability must be published immediately, as soon as it is discovered (full disclosure). Others hold that it is preferable to limit publication at first to the users who have a significant need for it, and then to publish in detail after a certain time, if there is a need.
These delays can give those users time to correct the vulnerability by developing and applying the necessary security patches, but they can also increase the risks for those who do not have this information.
Date and source of publication
The publication date is the first date on which a vulnerability is described in a medium where the disclosed information meets the following conditions:
- the information is freely and publicly available,
- the information on the vulnerability is published by an independent and trusted source,
- the vulnerability has been analysed by experts, in particular with an estimate of the risk of the disclosure.
From a security point of view, only open and complete publication can ensure that all interested parties obtain adequate information. Security through obscurity is a concept that has never worked.
The source of the publication must be independent of any publisher, vendor, or government. It must be impartial, to allow fair and critical circulation of information. A medium is regarded as trusted when it is a source widely accepted in the information system security industry (for example: CERT, CESTI, Securityfocus, Secunia).
The analysis and the estimate of the risk ensure the quality of the disclosed information. A single discussion of a potential flaw on a mailing list, or vague information from a vendor, is therefore not enough to qualify a vulnerability. The analysis must include enough detail to allow an affected user to evaluate their own individual risk, or to take an immediate protective measure.
Reference
When a vulnerability has been published, MITRE assigns it a CVE identifier. This identifier makes it possible to cross-reference several information sources.
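The publication-date conditions and the CVE cross-referencing described above, combined in one added example that is not part of the original article. The Mention record, the source labels and the CVE identifiers are constructed placeholders; only the CVE-YYYY-NNNN identifier format is real.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")

@dataclass(frozen=True)
class Mention:
    source: str        # label of the publishing medium (constructed)
    published: date
    public: bool       # freely and publicly available
    independent: bool  # independent, trusted source
    analysed: bool     # carries an expert risk analysis
    text: str

def cross_reference(mentions):
    """Group mentions from different sources by the CVE identifiers they cite."""
    index = defaultdict(list)
    for m in mentions:
        for cve in sorted(set(CVE_RE.findall(m.text))):
            index[cve].append(m)
    return dict(index)

def publication_date(mentions):
    """Earliest date on which a mention meets all three conditions, else None."""
    dates = [m.published for m in mentions
             if m.public and m.independent and m.analysed]
    return min(dates) if dates else None

# Constructed sample data; the CVE identifiers are placeholders, not real entries.
SAMPLE = [
    Mention("mailing-list", date(2099, 3, 1), True, False, False,
            "Possible flaw in exampled, maybe CVE-2099-0001?"),
    Mention("vendor-note", date(2099, 3, 4), True, False, False,
            "Update fixes CVE-2099-0001 and CVE-2099-0002."),
    Mention("private-report", date(2099, 3, 2), False, True, True,
            "Subscriber-only analysis of CVE-2099-0001."),
    Mention("independent-advisory", date(2099, 3, 9), True, True, True,
            "CVE-2099-0001: impact, affected versions, workaround."),
]

def summarize(mentions=SAMPLE):
    return {cve: (publication_date(ms), [m.source for m in ms])
            for cve, ms in cross_reference(mentions).items()}

if __name__ == "__main__":
    for cve, (when, sources) in sorted(summarize().items()):
        print(cve, when, sources)
```

The earlier mailing-list post, vendor note and subscriber-only report each fail one of the three conditions, so the first identifier only counts as published on the date of the independent advisory, and the second has no publication date yet.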
Identification and correction of the vulnerabilities
There are many tools that can help discover vulnerabilities in an information system, some of which also allow their removal. But although these tools can give an auditor a good overall view of the vulnerabilities potentially present, they cannot replace human judgment. Relying only on automatic vulnerability scanners will produce many false positives and a limited view of the problems present in the system.
Vulnerabilities have been found in all the major operating systems, first and foremost on Windows, but also on Mac OS, various versions of Unix and Linux, OpenVMS, and others. The only way to reduce the probability that a vulnerability can be exploited is to remain constantly vigilant: maintaining the system (for example by applying security patches), deploying a secure architecture (for example by placing firewalls judiciously), controlling access, and setting up security audits (both during development and throughout the life cycle).
Malicious exploitation
Attackers, thanks to their knowledge and with suitable tools, can take control of vulnerable machines. Discovered security flaws are generally closed as fast as possible with a patch in order to prevent unwanted takeovers; however, in many cases machines remain vulnerable to old flaws because the various patches have not been applied.
Some malicious software uses vulnerabilities to infect a system, to propagate across a network,…
Once exploited, a flaw generally causes a denial of service of the system (computer program, operating system kernel,…), access to a system or to sensitive information, or even an escalation of a user's privileges.
A vulnerability is called remote when it lies in software providing a network service (for example a Web server) and can be exploited by a remote attacker who does not have a local account. A vulnerability is called local when it can be exploited only by a user who has a local account. Remote vulnerabilities can be used by attackers to obtain access to a system. Local vulnerabilities can be used by a malicious user who has an account to escalate privileges, or by a remote attacker to increase their privileges after exploiting a remote vulnerability.
Examples of vulnerabilities
The vulnerabilities below are among the best known:
Appendices
See also
- Information system security
- Common Vulnerabilities and Exposures (CVE)
- Packet Storm
- Securityfocus
- Government Centre of Expertise for Response to and Handling of Computer Attacks
External links
- VulCheck: Online vulnerability testing tool
- FrSIRT: French-language and English-language portal dedicated to computer security and vulnerabilities
- Secunia.com: English-language portal dedicated mainly to security flaws
- Vulnerabilite.com: French-language portal dedicated to computer security
- Secuser.com: French-language portal dedicated to computer security
- info.corroy.org: An overview of current computer security news
- Vigil@nce: Technical watch on vulnerabilities and their solutions
- Netcraft
- TechZoom: Empirical analysis of vulnerability disclosure dates for 14,000 vulnerabilities since 1996
- OSVDB: Open Source Vulnerability Database homepage
- NIST SAMATE: Software Assurance Metrics and Tool Evaluation project
- Microsoft: The Microsoft Security Response Center definition