[CentOS] what percent of time are there unpatched exploits against default config?

Thu Dec 29 14:30:15 UTC 2011
Johnny Hughes <johnny at centos.org>

On 12/29/2011 08:06 AM, Reindl Harald wrote:
> 
> 
> On 29.12.2011 14:59, Johnny Hughes wrote:
>> That flaw has absolutely no "access" component.  It allows a DDOS attack,
>> it does not provide remote access to a machine.
>>
>> From the bug:
>>
>> A flaw was found in the way the Apache HTTP Server handled Range HTTP
>> headers. A remote attacker could use this flaw to cause httpd to use an
>> excessive amount of memory and CPU time via HTTP requests with a
>> specially-crafted Range header. (CVE-2011-3192)
>>
>> How is that relevant to allowing access to someone's server?
> 
> and if you have a webserver and the webserver can be easily
> killed with a DOS the bug is CRITICAL, if you can kill any
> PUBLIC SERVICE remotely a bug is CRITICAL

I did not define it bozo, so stop your bullshit on this list.  I have
already pointed to how the classifications are done.

> 
> what exactly do you not understand while these are
> simple facts - your definition of critical is broken
> if you think anything where you can not get into the
> machine is not

Who the hell do you think you are?  You will be banned from posting on
this list if you can not act appropriately.

> 
> and yes i tried the demo-exploits which killed a quad-core with 16
> GB memory within some seconds



For those of you who did not see how the categories are defined, here it is:

https://access.redhat.com/security/updates/classification/


