Study On Security Vulnerabilities And Exposures Computer Science Essay


Introduction: CVE is known for providing information about publicly known security vulnerabilities and exposures, and for giving each of these publicly known problems a common name. With this common enumeration, the aim of CVE is to make it easier to share data across separate vulnerability capabilities such as tools, repositories and services. CVE's common identifiers enable the exchange of data between security products and provide a baseline index point for evaluating the coverage of tools and services. Let us now look at the two terms, "vulnerability" and "exposure".

Vulnerability: "An information security "vulnerability" is a mistake in software that can be directly used by a hacker to gain access to a system or network." CVE considers a mistake a vulnerability if it allows an attacker to violate a reasonable security policy for the system. For CVE, a vulnerability is a state in a computing system (or a set of systems) that allows an attacker either to execute commands as another user, or to access data in a way that is contrary to the specified access restrictions for that data, or to conduct a denial of service.

Some examples of vulnerabilities are:

phf - remote command execution as user "nobody".

rpc.ttdbserverd - remote command execution as root.

Default password - remote command execution or other access.

SMURF - denial of service by flooding a network.

Exposure: "An information security "exposure" is a system configuration issue or a mistake in software that allows access to information or capabilities that can be used by a hacker as a stepping-stone into a system or network." CVE considers a configuration issue or a mistake an exposure if it does not directly allow compromise but could be an important component of a successful attack, and is a violation of a reasonable security policy. For CVE, an exposure is a state in a computing system (or a set of systems) that is not a vulnerability but that allows an attacker either to conduct information gathering activities or to hide activities, or that is considered a problem according to some reasonable security policy.


This is one example of using CVE: on UNIX, the flow of data with CVE and without CVE.

Fig: Penetration Testing using CVE (figure taken from lecture slides).

CVE References: For each CVE name there are several suitable references. For each reference used in CVE:

the source is identified;

a well-defined identifier is included, to make searching on the source's website easier;

the associated CVE names are noted.

CVE includes a reference map page that links to the documents and commonly used information sources that are used as references for CVE entries and candidates. There are various reference maps used in CVE. Some of them are:

"AIXAPR - Authorized Problem Analysis Report

ALLAIRE - Allaire Security Bulletin

APPLE - Apple Security Update

ASCEND - Ascend Vendor Acknowledgement

ATSTAKE - @stake Security Advisory

BID - SecurityFocus Bugtraq ID database entry

BEA - BEA Security Advisory

BINDVIEW - BindView Security Advisory

BUGTRAQ - Posting to Bugtraq mailing list

CALDERA - Caldera Security Advisory

CERT - CERT/CC Advisories

CERT-VN - CERT/CC Vulnerability Note

CHECKPOINT - Check Point Alert

CIAC - DOE CIAC (Computer Incident Advisory Centre) bulletins

CISCO - Cisco Security Advisory

COMPAQ - COMPAQ Service Security Patch

CONFIRM - URL to location where vendor confirms that the problem exists

DEBIAN - Debian Linux Security Information

EEYE - eEye Security Advisory

EL8 - EL8 Advisory

ENGARDE - En Garde Linux Advisory

ERS - IBM ERS/BRS Advisories

EXPLOIT-DB - Exploits Database

FEDORA - Fedora Project Security Advisory

FREEBSD - FreeBSD Security Advisory

FRSIRT - French Security Incident Response Team

FULLDISC - Full Disclosure Mailing List

GENTOO - Gentoo Linux Security Advisory

HERT - HERT Security Advisory

HP - HP Security Advisories

HPBUG - HP bug/patch ID

IBM - IBM ERS/BRS Advisories

IMMUNIX - Immunix Linux Advisory

INFOWAR - INFOWAR Security Advisory

ISS - ISS Security Advisory

JVN - Japanese CERT"
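As an added example (not from the original essay), the following Python sketch shows how the reference map and the per-reference CVE names described above work as a cross-reference index, and how two tools that report findings under different reference sources can be compared by mapping both to CVE names, which is the "baseline index point" idea from the introduction. The source prefixes are a subset of the map above; the CVE names, identifiers and URL are constructed placeholders.

```python
"""Cross-referencing CVE names through their references.

Constructed example: the reference-source prefixes come from the CVE
reference map; the CVE names and reference identifiers are placeholders.
"""
from collections import defaultdict

# Subset of the CVE reference map (source prefix -> description).
REFERENCE_MAP = {
    "BID": "SecurityFocus Bugtraq ID database entry",
    "BUGTRAQ": "Posting to Bugtraq mailing list",
    "CERT": "CERT/CC Advisories",
    "CONFIRM": "URL to location where vendor confirms that the problem exists",
    "DEBIAN": "Debian Linux Security Information",
}


def parse_reference(ref: str) -> tuple[str, str]:
    """Split a 'SOURCE:identifier' reference. The identifier may itself
    contain colons (a CONFIRM URL does), so split only at the first one."""
    source, sep, identifier = ref.partition(":")
    if not sep or not identifier or source not in REFERENCE_MAP:
        raise ValueError(f"unknown or malformed reference: {ref!r}")
    return source, identifier


def build_index(entries: dict[str, list[str]]) -> dict[tuple[str, str], set[str]]:
    """Map each (source, identifier) reference to the CVE names that cite it."""
    index: dict[tuple[str, str], set[str]] = defaultdict(set)
    for cve_name, refs in entries.items():
        for ref in refs:
            index[parse_reference(ref)].add(cve_name)
    return index


def cve_names_for(findings: list[str], index: dict) -> set[str]:
    """Translate a tool's source-specific findings into the common CVE names."""
    names: set[str] = set()
    for ref in findings:
        names |= index.get(parse_reference(ref), set())
    return names


# Constructed CVE entries with placeholder names and identifiers.
ENTRIES = {
    "CVE-EXAMPLE-0001": ["BID:11111", "CERT:CA-EXAMPLE-01", "CONFIRM:https://vendor.example/advisory/1"],
    "CVE-EXAMPLE-0002": ["BID:22222", "DEBIAN:DSA-EXAMPLE-2"],
    "CVE-EXAMPLE-0003": ["BUGTRAQ:20000101 example post"],
}
INDEX = build_index(ENTRIES)

if __name__ == "__main__":
    scanner = cve_names_for(["BID:11111", "BID:22222"], INDEX)       # tool reporting BID ids
    advisories = cve_names_for(["CERT:CA-EXAMPLE-01"], INDEX)        # service reporting CERT ids
    print("both:", scanner & advisories, "scanner only:", scanner - advisories)
```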


An example of a CVE entry description:

"Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms".

DCOM: The Distributed Component Object Model (DCOM) defines not only the identity of Component Object Model (COM) objects but also their external characteristics. DCOM and COM use Remote Procedure Calls (RPC) to communicate with each other and to enable distributed component objects. It is built so that a client can gain access to an object's methods and data. With DCOM, access to an object's data is possible regardless of whether the objects exist in the same process, in different processes on the same machine, or in different processes on different machines. COM and DCOM objects expose their functionality in different ways through multiple interfaces, as per the RPC client/server interface.