[CentOS] what percent of time are there unpatched exploits against default config?

Thu Dec 29 14:06:38 UTC 2011
Reindl Harald <h.reindl at thelounge.net>


Am 29.12.2011 14:59, schrieb Johnny Hughes:
> That flaw as absolutely no "access" component.  It allows a DDOS attack,
> not provide remote access to a machine.
> 
> From the bug:
> 
> A flaw was found in the way the Apache HTTP Server handled Range HTTP
> headers. A remote attacker could use this flaw to cause httpd to use an
> excessive amount of memory and CPU time via HTTP requests with a
> specially-crafted Range header. (CVE-2011-3192)
> 
> How is that relevant to allowing access to someone's server.

and if you have a webserver and the webserver can be easily
killed with a DOS the bug is CRITICAL, if you can kill any
PUBLIC SERVICE remote a bug is CRITICAL

what exactly do you not understand while these are
simple facts - your definition of critical is broken
if you think anything where you can not get into the
machine is not

and yes i tried the demo-exploits which killed a quad-core with 16
GB memory within some seconds

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20111229/6dbfff46/attachment-0005.sig>