On 29.12.2011 14:59, Johnny Hughes wrote:
> That flaw has absolutely no "access" component. It allows a DDOS attack,
> does not provide remote access to a machine.
>
> From the bug:
>
> A flaw was found in the way the Apache HTTP Server handled Range HTTP
> headers. A remote attacker could use this flaw to cause httpd to use an
> excessive amount of memory and CPU time via HTTP requests with a
> specially-crafted Range header. (CVE-2011-3192)
>
> How is that relevant to allowing access to someone's server?

and if you have a webserver and the webserver can be easily killed
with a DOS the bug is CRITICAL, if you can kill any PUBLIC SERVICE
remotely a bug is CRITICAL

what exactly do you not understand while these are simple facts - your
definition of critical is broken if you think anything where you can
not get into the machine is not

and yes I tried the demo-exploits which killed a quad-core with 16 GB
memory within some seconds