Friday, December 4, 2009

Authentication

Computer vulnerabilities can also be divided by whether the attacker already needs access to the computer. In fact, about 1-in-7 of the vulnerabilities that I've examined don't require access to the host before gaining additional access. A vulnerability that does not need any form of pre-authentication for access is always the most dangerous kind.

No Authorization Required

A vulnerability that doesn't require any form of authentication, especially one that bypasses registration altogether, is the kind that adds the greatest threat to a computer environment. The following is an example of a vulnerability which allows access because an account has no password, and the access level it gives immediately allows a "root" compromise:

Sample Vulnerability [lpr hole, Administrator Access, Irix 5.x and earlier]:

The lpr account doesn't have a password, and the lprq program can be overwritten with a shell to gain root access.

Although accounts without passwords are common, this particular bug was a design flaw: the system shipped with this account open by default and with powerful privileges. Other types of vulnerabilities may not even allow an interactive shell, allowing only a program to be executed on the target machine.
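The defender's counterpart to the lpr case is an audit for accounts that can log in with no password at all. The following is an added example, not code from the original post: it parses passwd- and shadow-format records (the sample records are constructed, including an lpr-style service account with an empty hash and a real login shell) and reports any account whose password field is empty and whose shell permits an interactive login.

```python
"""Audit passwd/shadow records for accounts that can log in without a password.

Added illustration, not code from the original post. The records below are
constructed; the layouts follow the standard /etc/passwd (7 colon-separated
fields) and /etc/shadow (password hash in field 2) formats.
"""

# Constructed sample: an lpr-style service account shipped with an empty
# password hash and a login shell, next to normal and locked accounts.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
lpr:x:71:71:Line printer:/var/spool/lpd:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/sbin/nologin
nobody::65534:65534:nobody:/nonexistent:/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
"""

SAMPLE_SHADOW = """\
root:$6$saltsalt$hashhashhash:18000:0:99999:7:::
lpr::18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
alice:$6$saltsalt$otherhash:18000:0:99999:7:::
"""

# Shells that refuse an interactive login even if the password check passes.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}


def parse_passwd(text):
    """Return {user: (uid, password_field, shell)} from passwd-format text."""
    entries = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed record; skip rather than guess
        user, pw, uid, _gid, _gecos, _home, shell = fields
        entries[user] = (int(uid), pw, shell)
    return entries


def parse_shadow(text):
    """Return {user: password_hash_field} from shadow-format text."""
    hashes = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        hashes[fields[0]] = fields[1]
    return hashes


def find_passwordless_logins(passwd_text, shadow_text):
    """Return sorted usernames that need no password and have a login shell.

    The effective password field is the shadow hash when a shadow record
    exists, otherwise the passwd field itself. An empty field means no
    password is required; '*' or '!' mark a locked account.
    """
    accounts = parse_passwd(passwd_text)
    hashes = parse_shadow(shadow_text)
    findings = []
    for user, (_uid, pw_field, shell) in accounts.items():
        effective = hashes.get(user, pw_field)
        if effective == "" and shell not in NOLOGIN_SHELLS:
            findings.append(user)
    return sorted(findings)


if __name__ == "__main__":
    for user in find_passwordless_logins(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"WARNING: account '{user}' has no password and a login shell")
```

On a live system the same function can be fed the contents of /etc/passwd and /etc/shadow (the latter is readable only by root); the nobody record in the sample shows why the shell check matters, since an empty password field on a no-login account is not itself a way in.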

Authorization Required

A vulnerability that requires a user to be authenticated first is a flaw in a process or function that only an authorized user can reach. These vulnerabilities allow an authenticated user to gain access to privileged functions on the host that they normally could not use. The following example demonstrates how a vulnerability that requires an account may function:

Sample Vulnerability [sendmail hole, AIX 3.2]:

An attacker can overwrite any system file under AIX: all that is needed is to create a $HOME/.forward file containing the line "|/some/random/file/you/want/to/overwrite" and send yourself mail.

With this vulnerability, the attacker already has a home account, but can redirect their e-mail to overwrite any file that exists on the system. Keep in mind that once inside the computer system, the number of ways to gain further access increases because of the complexity of the operating system. Most security professionals consider that once an intruder gains access to the host, the host has probably already suffered an administrator-level compromise.
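Because the sendmail case turns an ordinary user's mail forwarding into a privileged write, a useful detection is to audit every user's .forward file for entries that deliver to a program or file instead of a mail address. The following is an added example, not code from the original post: the .forward contents are constructed, and the entry forms it recognises are sendmail's documented ones (a plain address, "|command" for a pipe, "/path" for appending to a file, and ":include:/path").

```python
"""Classify entries in sendmail-style ~/.forward files and flag any that
deliver to a program or a file rather than to a mail address.

Added illustration, not code from the original post. The .forward contents
below are constructed.
"""

# Constructed sample: {home directory: contents of that user's .forward}.
SAMPLE_FORWARDS = {
    "/home/alice": "alice@example.org\n",
    "/home/bob": 'bob, "|/usr/bin/vacation bob"\n',
    "/home/carol": "# keep a local copy too\n\\carol\n/var/log/messages\n",
    "/home/dave": ":include:/etc/aliases.d/team\n",
}


def parse_forward(text):
    """Split .forward text into entries.

    Entries are separated by commas or newlines, may be double-quoted, and
    lines starting with '#' are comments. Commas inside a quoted entry are
    not handled; this keeps the parser short for the audit's purpose.
    """
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        for raw in line.split(","):
            entry = raw.strip().strip('"')
            if entry:
                entries.append(entry)
    return entries


def classify(entry):
    """Return the delivery kind of one .forward entry."""
    if entry.startswith("|"):
        return "pipe"       # mail is piped into a program
    if entry.startswith(":include:"):
        return "include"    # further entries are read from a file
    if entry.startswith("/"):
        return "file"       # mail is appended to a file
    return "address"        # a mailbox or remote address (\user is local)


def audit_forwards(forwards):
    """Return sorted (home, kind, entry) tuples for every non-address entry."""
    findings = []
    for home, text in forwards.items():
        for entry in parse_forward(text):
            kind = classify(entry)
            if kind != "address":
                findings.append((home, kind, entry))
    return sorted(findings)


if __name__ == "__main__":
    for home, kind, entry in audit_forwards(SAMPLE_FORWARDS):
        print(f"{home}: {kind} delivery -> {entry}")
```

Pipe and file entries are not always malicious (vacation autoresponders are a common legitimate pipe), so the audit reports the kind and the target and leaves the judgement to the reviewer; the point is that a file-overwrite primitive hidden in a mail-forwarding rule is visible to a defender who looks.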
