Not necessarily, I’m just restating what is mentioned on the mitre post, which I feel can be a bit misleading.
There are lots of “what if” scenarios involved in exploitation of this vulnerability. And while I agree with you, the ultimate fix to all of these problems is to execute only signed executables and libraries and only when the system has Secure Boot enabled with a TPM. Obviously extending this solution down to the library and executable level is far from ideal on general purpose computing. So where do you draw the line? I draw the line at “not likely to happen”, “in the most widespread cases already requires elevated privilege to use”, and also importantly, “incredibly easy to find by forensics groups assuming no other persistent hooks of the underlying kernel.” -Mike From: Brandon Perry [mailto:bperry.volat...@gmail.com] Sent: Wednesday, April 30, 2014 19:28 To: Mike Cramer Cc: Alton Blom; fulldisclosure@seclists.org; Stefan Kanthak Subject: Re: [FD] Beginners error: iTunes for Windows runs rogue program C:\Program.exe when opening associated files The practice of creating persistent services from temp directories is "generally avoided". I see what you're saying, but the use case which you mentioned is an extremely long shot scenario. While possible, it's not likely going to happen. So you're definition of vulnerability relies on likelihood. Gotcha. Don't confuse risk with being vulnerable. -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
