Vulnerability (computer science)

For other uses of the word "Vulnerability", please refer to vulnerability.


In computer security, the word vulnerability refers to a weakness in a system that allows an attacker to violate the confidentiality, integrity or availability (the C.I.A. triad, NSTISSC's triangle), access control, consistency or audit mechanisms of the system or of the data and applications it hosts. Vulnerabilities may result from bugs or design flaws in the system. A vulnerability can exist only in theory, or it may have a known exploit. Vulnerabilities are of particular interest when the program containing the vulnerability operates with special privileges, performs authentication or provides easy access to user data or facilities (such as a network server or RDBMS).

A construct in a computer language is said to be a vulnerability when many program faults can have their root cause traced to its use.

Causes

Vulnerabilities often result from the carelessness of a programmer, though they may have other causes. A vulnerability may allow an attacker to misuse an application through (for example) bypassing access control checks or executing commands on the system hosting the application.

Some vulnerabilities arise from unsanitized user input, often allowing the direct execution of commands or SQL statements (known as SQL injection). Others arise from the programmer's failure to check the size of data buffers, which can then be overflowed, corrupting the stack or heap areas of memory (and possibly causing the computer to execute code supplied by the attacker).

Vulnerability disclosure

The method of disclosing vulnerabilities is a topic of debate in the computer security community. Some advocate immediate full disclosure of information about vulnerabilities once they are discovered. Others argue for limiting disclosure to the users placed at greatest risk, and only releasing full details after a delay, if ever. Such delays may allow those notified to fix the problem by developing and applying patches, but may also increase the risk to those not privy to full details. This debate has a long history in security; see full disclosure and security through obscurity. More recently a new form of commercial vulnerability disclosure has taken shape, see for example TippingPoint's Zero Day Initiative which provides a legitimate market for the purchase and sale of vulnerability information from the security community.

From the security perspective, only a free and public disclosure can ensure that all interested parties get the relevant information. Security through obscurity is a concept that most experts consider unreliable.

The disclosure channel should be unbiased, to enable fair dissemination of security-critical information. Most often a channel is considered trusted when it is a widely accepted source of security information in the industry (e.g. CERT, SecurityFocus, Secunia and FrSIRT). Analysis and risk rating ensure the quality of the disclosed information. Mere discussion of a potential flaw on a mailing list, or vague information from a vendor, therefore does not qualify. The analysis must include enough detail to allow a concerned user of the software to assess their individual risk or take immediate action to protect their assets.

Vulnerability disclosure date

The time of disclosure of a vulnerability is defined differently in the security community and industry. It is most commonly referred to as "a kind of public disclosure of security information by a certain party". Usually, vulnerability information is discussed on a mailing list or published on a security web site and results in a security advisory afterwards.

The time of disclosure is the first date a security vulnerability is described on a channel where the disclosed information on the vulnerability fulfils all of the following requirements:
  • the information is freely available to the public
  • the vulnerability information is published by a trusted and independent channel/source
  • the vulnerability has undergone analysis by experts such that risk rating information is included upon disclosure

Identifying and removing vulnerabilities

Many software tools exist that can aid in the discovery (and sometimes removal) of vulnerabilities in a computer system. Though these tools can provide an auditor with a good overview of possible vulnerabilities present, they can not replace human judgment. Relying solely on scanners will yield false positives and a limited-scope view of the problems present in the system.

Vulnerabilities have been found in every major operating system including Windows, Mac OS, various forms of Unix and Linux, OpenVMS, and others. The only way to reduce the chance of a vulnerability being used against a system is through constant vigilance, including careful system maintenance (e.g. applying software patches), best practices in deployment (e.g. the use of firewalls and access controls) and auditing (both during development and throughout the deployment lifecycle).

Examples of vulnerabilities

Well known vulnerabilities include (but are not limited to)

This article is copied from an article on Wikipedia.org - the free encyclopedia created and edited by online user community. The text was not checked or edited by anyone on our staff. Although the vast majority of the wikipedia encyclopedia articles provide accurate and timely information please do not assume the accuracy of any particular article. This article is distributed under the terms of GNU Free Documentation License.