On 12/29/2011 08:06 AM, Reindl Harald wrote:
>
>
> On 29.12.2011 14:59, Johnny Hughes wrote:
>> That flaw has absolutely no "access" component. It allows a DDOS attack,
>> not provide remote access to a machine.
>>
>> From the bug:
>>
>> A flaw was found in the way the Apache HTTP Server handled Range HTTP
>> headers. A remote attacker could use this flaw to cause httpd to use an
>> excessive amount of memory and CPU time via HTTP requests with a
>> specially-crafted Range header. (CVE-2011-3192)
>>
>> How is that relevant to allowing access to someone's server.
>
> and if you have a webserver and the webserver can be easily
> killed with a DOS the bug is CRITICAL, if you can kill any
> PUBLIC SERVICE remote a bug is CRITICAL

I did not define it bozo, so stop your bullshit on this list. I have
already pointed to how the classifications are done.

>
> what exactly do you not understand while these are
> simple facts - your definition of critical is broken
> if you think anything where you can not get into the
> machine is not

Who the hell do you think you are? You will be banned from posting on
this list if you can not act appropriately.

>
> and yes i tried the demo-exploits which killed a quad-core with 16
> GB memory within some seconds

For those of you who did not see how the categories are defined, here it is:

https://access.redhat.com/security/updates/classification/