[CentOS] what percent of time are there unpatched exploits against default config?
Johnny Hughes
johnny at centos.org
Thu Dec 29 14:30:15 UTC 2011
On 12/29/2011 08:06 AM, Reindl Harald wrote:
>
>
> Am 29.12.2011 14:59, schrieb Johnny Hughes:
>> That flaw as absolutely no "access" component. It allows a DDOS attack,
>> not provide remote access to a machine.
>>
>> From the bug:
>>
>> A flaw was found in the way the Apache HTTP Server handled Range HTTP
>> headers. A remote attacker could use this flaw to cause httpd to use an
>> excessive amount of memory and CPU time via HTTP requests with a
>> specially-crafted Range header. (CVE-2011-3192)
>>
>> How is that relevant to allowing access to someone's server.
>
> and if you have a webserver and the webserver can be easily
> killed with a DOS the bug is CRITICAL, if you can kill any
> PUBLIC SERVICE remote a bug is CRITICAL
I did not define it bozo, so stop your bullshit on this list. I have
already pointed to how the classifications are done.
>
> what exactly do you not understand while these are
> simple facts - your definition of critical is broken
> if you think anything where you can not get into the
> machine is not
Who the hell do you think yo0u are? You will be banned from posting on
this list of you can not act appropriately.
>
> and yes i tried the demo-exploits which killed a quad-core with 16
> GB memory within some seconds
For those of you who did not see how the categories are defined, here it is:
https://access.redhat.com/security/updates/classification/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20111229/17bec246/attachment.sig>
More information about the CentOS
mailing list