
I know that for the most part, there are some small differences between thoughts on a lot of matters in terms of definitions in security.

What I am asking about is whether exploits are considered to take advantage of a specific vulnerability, or whether it is OK to say that multiple exploits take advantage of a single vulnerability. For example, we know that SQL has many types of exploits through SQL injection attacks. Do we say that the vulnerability in SQL to being manipulated through being sent unexpected commands is the vulnerability itself, or is it the specific command which is able to perform the exploit action which is the vulnerability, meaning it is a 1:1 rather than a 1:* relationship?

Binn
    I suggest you reword this question as in its current form it's unclear what you are asking. – LvB May 04 '15 at 11:52
  • There is no 1:1 relationship. More often than not, you have some vulnerabilities (such as the design flaws that make SQLi possible) which can lead to tons of different exploits that will for instance exploit the structure of a specific site's database. You could also imagine more generic exploits that implement a vulnerability originating in the design of an IPC protocol. Exploits tend to be tied to vulns when the vulns originate in code bugs, rather than in protocol / architecture design flaws. – Steve Dodier-Lazaro May 04 '15 at 13:17

1 Answer

All this is just a matter of definition and vocabulary. I have the impression that in your question you are confusing "exploit" and "threat".

  • A vulnerability is a weakness in a system. This weakness may or may not be addressed by some security measures, may or may not be known.
  • A threat can be anything endangering the system by exploiting or triggering the vulnerability. A threat can be caused by a voluntary action (someone causes a denial of service by crashing your non-redundant server) or involuntary (a fire broke out and caused a denial of service by burning your non-redundant server). As you can see, in these examples there is only one vulnerability (the system is non-redundant) and two different threats related to this single vulnerability.
  • An exploit is an implementation of a threat. There can be many different implementations of the same threat.

Take your SQL injection example:

  • If users' parameters are not properly filtered, a web application is said to be vulnerable to SQL injection.
  • This vulnerability requires that an attacker has access to the vulnerable page and is able to input malicious content in a way it will be processed by the web app server and trigger the vulnerability. This provides read/write access to the database to the attacker, allowing him to access and modify sensitive information. This is the description of a threat.
  • A way to exploit this vulnerability would be to put some string A in the field F. This is an exploit. However, using a different string or a different field might also prove effective to counter, for instance, some badly implemented security measures. Same vulnerability, but multiple exploits could be used.
RoraΖ
WhiteWinterWolf
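To make the answer's last three points concrete, here is an added Python example (not from the original answer) using an in-memory SQLite table with constructed data: one vulnerability (user input concatenated into the query text), two exploits that reuse the same string in different fields, a badly implemented filter that only blocks one of them, and the parameterized query that removes the vulnerability itself. Table, column and function names are assumptions for the example.

```python
import sqlite3

# Constructed sample data for the example, not from the original post.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn

def login_vulnerable(conn, name, pw):
    # The vulnerability: user parameters become part of the SQL syntax.
    q = f"SELECT name FROM users WHERE name = '{name}' AND pw = '{pw}'"
    return [row[0] for row in conn.execute(q)]

def login_filtered(conn, name, pw):
    # A badly implemented security measure: reject one keyword in one field.
    # The vulnerability is untouched; only one exploit is blocked.
    if "OR" in name.upper():
        return []
    return login_vulnerable(conn, name, pw)

def login_parameterized(conn, name, pw):
    # The fix: bound parameters are data, never SQL syntax, whatever they hold.
    q = "SELECT name FROM users WHERE name = ? AND pw = ?"
    return [row[0] for row in conn.execute(q, (name, pw))]

# "String A in field F" (the name field), and the same string in another field.
EXPLOIT_A = ("' OR 1=1 --", "x")
EXPLOIT_B = ("x", "' OR 1=1 --")

def outcome(login):
    """Rows each exploit retrieves against a given login implementation.
    A successful exploit returns every user; a blocked one returns none."""
    conn = make_db()
    return {"A": len(login(conn, *EXPLOIT_A)),
            "B": len(login(conn, *EXPLOIT_B))}

if __name__ == "__main__":
    for fn in (login_vulnerable, login_filtered, login_parameterized):
        print(fn.__name__, outcome(fn))
```

Only the parameterized version changes the count of vulnerabilities from one to zero; the filter merely changes which exploits still work.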