Introduction: CVE (Common Vulnerabilities and Exposures) is a list of publicly known information security vulnerabilities and exposures, each given a common name (a CVE identifier) and a standardised description. By providing one common enumeration, CVE makes it easier to share data across otherwise separate vulnerability capabilities such as tools, repositories and services. The common identifiers let security products exchange data with one another, and give a baseline index point for evaluating the coverage of those tools and services. Let us first look at the two terms "vulnerability" and "exposure".
Vulnerability: "An information security "vulnerability" is a mistake in software that can be directly used by a hacker to gain access to a system or network" (http://cve.mitre.org/about/terminology.html#vulnerability). CVE considers a mistake to be a vulnerability if it allows an attacker to violate a reasonable security policy for that system. For CVE, a vulnerability is a state in a computing system (or set of systems) that allows the attacker to execute commands as another user, to access data in a way that is contrary to the specified access restrictions for that data, or to conduct a denial of service.
Some examples of vulnerabilities are:
phf - remote command execution as user "nobody".
rpc.ttdbserverd - remote command execution as root.
Default password - remote command execution or other access.
SMURF - denial of service by flooding a network.
Exposure: "An information security "exposure" is a system configuration issue or a mistake in software that allows access to information or capabilities that can be used by a hacker as a stepping-stone into a system or network" (http://cve.mitre.org/about/terminology.html#exposure). CVE considers a configuration issue or mistake to be an exposure if it does not directly allow compromise but could be an important component of a successful attack, and is a violation of a reasonable security policy. In other words, an exposure is a state in a computing system (or set of systems) that is not a vulnerability, but that allows an attacker to conduct information gathering activities, allows an attacker to hide activities, or is considered a problem according to some reasonable security policy.
The following figure shows an example of Common Vulnerabilities and Exposures in use on UNIX: the flow of data through a penetration test with CVE and without CVE.
Fig: Penetration Testing using CVE
The figure above shows penetration testing using CVE (taken from lecture slides).
CVE References: Each CVE name carries one or more references to suitable external sources. For each reference used in CVE:
the source is identified;
a well-defined identifier is included, to facilitate searching on the source's website;
the CVE names associated with the reference are noted.
CVE also includes a reference map page, which links to the documents and commonly used information sources that serve as references for CVE entries and candidates. Many reference sources are used in CVE. Some of them are:
"AIXAPAR - IBM AIX Authorized Program Analysis Report (APAR)
ALLAIRE- Allaire Security Bulletin
APPLE- Apple Security Update
ASCEND- Ascend Vendor Acknowledgement
ATSTAKE- @stake Security Advisory
AUSCERT- AUSCERT advisory
BID- Security Focus Bugtraq ID database entry
BEA- BEA Security Advisory
BINDVIEW- BindView Security Advisory
BUGTRAQ- Posting to Bugtraq mailing list
CALDERA- Caldera Security Advisory
CERT- CERT/CC Advisories
CERT-VN- CERT/CC Vulnerability note
CHECKPOINT- Check Point Alert
CIAC- DOE CIAC (Computer Incident Advisory Capability) bulletins
CISCO- Cisco Security Advisory
COMPAQ- COMPAQ Service Security Patch
CONECTIVA- CONECTIVA Linux Advisory
CONFIRM- URL to location where vendor confirms that the problem exists
DEBIAN- Debian Linux Security Information
EEYE- eEye Security Advisory
EL8- EL8 Advisory
ENGARDE- En Garde Linux Advisory
ERS- IBM ERS/BRS Advisories
EXPLOIT-DB- Exploits Database
FEDORA- Fedora Project Security Advisory
FREEBSD- FreeBSD Security Advisory
FRSIRT- French Security Incident Response Team
FULLDISC- Full Disclosure Mailing List
GENTOO- Gentoo Linux Security Advisory
HERT- HERT Security Advisory
HP- HP Security Advisories
HPBUG- HP bug/patch ID
IBM- IBM ERS/BRS Advisories
IDEFENSE- iDEFENSE Security Advisory
IMMUNIX- Immunix Linux Advisory
INFOWAR- INFOWAR Security Advisory
ISS- ISS Security Advisory
JVN- Japan Vulnerability Notes (JPCERT/CC and IPA)"
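As an added example (not code from this essay, the lecture slides or MITRE), the following Python parses the references of a CVE entry. It assumes the convention that each reference is written as SOURCE:identifier, where SOURCE is a tag from the reference map above (for example, BID:8205 would denote Bugtraq ID 8205) and the identifier is the source's own well-defined identifier. It validates the name (entries use the CVE- prefix; candidates historically used CAN-), groups the references by source, and flags any source tag that is not in the map. REFERENCE_MAP holds only a subset of the map, and the sample entry's reference list (including its URL) is constructed for this example rather than being the entry's actual reference list.

```python
import re
from collections import defaultdict

# Subset of the CVE reference map quoted above (source tag -> what it denotes).
REFERENCE_MAP = {
    "BID": "Security Focus Bugtraq ID database entry",
    "BUGTRAQ": "Posting to Bugtraq mailing list",
    "CERT": "CERT/CC Advisories",
    "CERT-VN": "CERT/CC Vulnerability note",
    "CONFIRM": "URL to location where vendor confirms that the problem exists",
    "EXPLOIT-DB": "Exploits Database",
    "FULLDISC": "Full Disclosure Mailing List",
}

# Entry names are CVE-<year>-<4+ digits>; candidates historically used CAN- instead.
NAME_RE = re.compile(r"^(CVE|CAN)-(\d{4})-(\d{4,})$")
# A reference is SOURCE:identifier. The identifier may itself contain colons
# (e.g. a CONFIRM URL), so only the first colon after the tag splits it.
REFERENCE_RE = re.compile(r"^([A-Z][A-Z0-9-]*):(\S.*)$")


def classify_name(name):
    """Return 'entry' for CVE-..., 'candidate' for CAN-..., or None if malformed."""
    m = NAME_RE.match(name)
    if not m:
        return None
    return "entry" if m.group(1) == "CVE" else "candidate"


def parse_reference(ref):
    """Split one reference into its source tag and source-specific identifier.

    The returned dict also records whether the tag is in REFERENCE_MAP, so an
    unknown tag is reported rather than silently accepted as a valid source.
    """
    m = REFERENCE_RE.match(ref.strip())
    if not m:
        raise ValueError("malformed reference (expected SOURCE:identifier): %r" % ref)
    source, ident = m.group(1), m.group(2).strip()
    return {
        "source": source,
        "id": ident,
        "known": source in REFERENCE_MAP,
        "meaning": REFERENCE_MAP.get(source),
    }


def parse_entry(name, description, references):
    """Validate the name, parse every reference and group them by source."""
    kind = classify_name(name)
    if kind is None:
        raise ValueError("not a CVE/CAN name: %r" % name)
    parsed = [parse_reference(r) for r in references]
    by_source = defaultdict(list)
    for p in parsed:
        by_source[p["source"]].append(p["id"])
    return {
        "name": name,
        "kind": kind,
        "description": description,
        "references": parsed,
        "by_source": dict(by_source),
        "unknown_sources": sorted({p["source"] for p in parsed if not p["known"]}),
        # a CONFIRM reference means the vendor has acknowledged the problem
        "vendor_confirmed": "CONFIRM" in by_source,
    }


# Constructed sample for this example: the name is the DCOM RPC entry discussed
# on this page, but this reference list is illustrative, not the entry's real one.
SAMPLE_NAME = "CVE-2003-0352"
SAMPLE_DESCRIPTION = "Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows"
SAMPLE_REFERENCES = [
    "CERT:CA-2003-16",
    "BID:8205",
    "CONFIRM:http://www.example.com/bulletin/MS03-026",   # hypothetical URL
    "BUGTRAQ:20030716 DCOM RPC interface buffer overrun",
    "XYZ:not-a-real-source",                               # tag not in the map
]


if __name__ == "__main__":
    entry = parse_entry(SAMPLE_NAME, SAMPLE_DESCRIPTION, SAMPLE_REFERENCES)
    print(entry["name"], entry["kind"])
    for source, ids in sorted(entry["by_source"].items()):
        print("  %-8s %s -> %s" % (source, REFERENCE_MAP.get(source, "UNKNOWN"), ids))
    print("unknown sources:", entry["unknown_sources"])
    print("vendor confirmed:", entry["vendor_confirmed"])
```

Splitting on the first colon only matters in practice: a CONFIRM reference is a full URL, and splitting on every colon would break it. Reporting unknown source tags instead of accepting them is what lets a tool that consumes CVE data notice when a reference cannot be resolved through the map.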
An example of a CVE entry description is the one for the Windows DCOM RPC buffer overflow, CVE-2003-0352: "Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms".
DCOM: The Distributed Component Object Model (DCOM) extends the Component Object Model (COM) so that COM objects can be used across process and machine boundaries; it defines both the identity of a COM object and its externally visible characteristics. DCOM uses Remote Procedure Calls (RPC) as its transport, so that a client can call an object's methods and access its data regardless of whether the object lives in the same process, in a different process on the same machine, or in a process on a different machine. COM and DCOM objects expose their functionality through multiple interfaces, each reachable over the RPC client/server interface. The "certain DCOM interface for RPC" in the entry above is one such RPC-exposed interface, and the overflow is triggered by a malformed message sent to it over RPC.