authordequis <dx@dxzone.com.ar>2017-05-22 02:02:22 -0300
committerAilin Nemui <ailin@z30a.localdomain>2017-06-08 19:04:30 +0200
commit8d93290e04e3fc0903986a420e6fd7fec41128fc (patch)
tree4c0eedad6da3b09a159d46a2494e4616e07382ca /security/index.html
parentc669e39b2863114791be354eed48e76fb5946e0f (diff)
security: reorder columns, add reference section
Diffstat (limited to 'security/index.html')
-rw-r--r--security/index.html35
1 files changed, 29 insertions, 6 deletions
diff --git a/security/index.html b/security/index.html
index 2246b0f..9859fb8 100644
--- a/security/index.html
+++ b/security/index.html
@@ -7,13 +7,13 @@ categories: [ _nav ]
<table class="table">
<thead>
<tr class="text-nowrap">
+ <th>Release date</th>
<th>External links</th>
- <th>Exploitable by</th>
<th>Affected versions</th>
<th>Fixed in version</th>
- <th>Release date</th>
- <th>Credit</th>
+ <th>Exploitable by</th>
<th>Description</th>
+ <th>Credit</th>
</tr>
</thead>
<tbody>
@@ -22,12 +22,12 @@ categories: [ _nav ]
{% assign name = item[0] %}
{% assign values = item[1] %}
<tr>
+ <td class="text-nowrap">{{ values.release_date }}</td>
<td class="text-nowrap">
{% for link in values.external_links %}
<div><a href="{{ link.url }}">{{ link.id }}</a></div>
{% endfor %}
</td>
- <td>{{ values.exploitable_by }}</td>
<td>{{ values.affected_versions }}</td>
<td>
{{ values.fixed_version }}
@@ -35,10 +35,33 @@ categories: [ _nav ]
(git)
</a>
</td>
- <td class="text-nowrap">{{ values.release_date }}</td>
- <td>{{ values.credit }}</td>
+ <td>{{ values.exploitable_by }}</td>
<td>{{ values.description }}</td>
+ <td>{{ values.credit }}</td>
</tr>
{% endfor %}
</tbody>
</table>
+
+<h2>Reference</h2>
+
+<p>"Exploitable by" column:</p>
+
+<ul>
+ <li>
+ <b>Server</b>: Triggered by malicious inputs sent by a server with complete control over the connection<br />
+ Example: malformed raw IRC commands
+ </li>
+ <li>
+ <b>Client</b>: Triggered by malicious inputs sent by remote clients with no privileges over the network<br />
+ Example: malformed color codes inside a message
+ </li>
+ <li>
+ <b>Local users</b>: Exploitable by unprivileged system users with access to the same filesystem<br />
+ Example: CVE-2016-7553 (buf.pl information disclosure)
+ </li>
+ <li>
+ <b>Local formats</b>: Exploitable through internal format codes used in themes and configs. These are not normally processed from the network but may be in combination with buggy scripts.<br />
+ Example: CVE-2017-5356 (Crash on <code>%[</code>)
+ </li>
+</ul>
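Review bot: The new Reference section marks each term with `<b>` and separates term from example with an XHTML-style `<br />`, where a `<dl>` of `<dt>`/`<dd>` pairs would carry the term–definition relationship natively and drop the line-break hack (`<br />` also should be `<br>` in HTML5 — the trailing slash is ignored by the parser). The wording of the four entries is unchanged below; only the markup differs, so the table-column semantics the page documents are not affected. If the site's stylesheet has no `dl` rules, the visual result may differ slightly and may need a matching CSS tweak.
```html
<dl>
  <dt>Server</dt>
  <dd>Triggered by malicious inputs sent by a server with complete control over the connection. Example: malformed raw IRC commands</dd>
  <dt>Client</dt>
  <dd>Triggered by malicious inputs sent by remote clients with no privileges over the network. Example: malformed color codes inside a message</dd>
  <!-- … unchanged wording: Local users and Local formats entries, in the same dt/dd shape … -->
</dl>
```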