[CentOS] what percent of time are there unpatched exploits against default config?
Reindl Harald
h.reindl at thelounge.net
Thu Dec 29 14:06:38 UTC 2011
On 29.12.2011 14:59, Johnny Hughes wrote:
> That flaw has absolutely no "access" component. It allows a DDOS attack,
> not provide remote access to a machine.
>
> From the bug:
>
> A flaw was found in the way the Apache HTTP Server handled Range HTTP
> headers. A remote attacker could use this flaw to cause httpd to use an
> excessive amount of memory and CPU time via HTTP requests with a
> specially-crafted Range header. (CVE-2011-3192)
>
> How is that relevant to allowing access to someone's server?

and if you have a webserver and the webserver can be easily
killed with a DOS the bug is CRITICAL, if you can kill any
PUBLIC SERVICE remotely a bug is CRITICAL

what exactly do you not understand while these are
simple facts - your definition of critical is broken
if you think anything where you can not get into the
machine is not

and yes I tried the demo-exploits which killed a quad-core with 16
GB memory within some seconds