Re: what percent of time are there unpatched exploits against default config?

On 29.12.2011 14:59, Johnny Hughes wrote:
> That flaw has absolutely no "access" component.  It allows a DDOS attack,
> not provide remote access to a machine.
> 
> From the bug:
> 
> A flaw was found in the way the Apache HTTP Server handled Range HTTP
> headers. A remote attacker could use this flaw to cause httpd to use an
> excessive amount of memory and CPU time via HTTP requests with a
> specially-crafted Range header. (CVE-2011-3192)
> 
> How is that relevant to allowing access to someone's server?

and if you have a webserver and the webserver can be easily
killed with a DOS the bug is CRITICAL, if you can kill any
PUBLIC SERVICE remote a bug is CRITICAL

what exactly do you not understand while these are
simple facts - your definition of critical is broken
if you think anything where you can not get into the
machine is not

and yes i tried the demo-exploits which killed a quad-core with 16
GB memory within some seconds

Attachment: signature.asc
Description: OpenPGP digital signature
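
For defenders triaging the Range header issue quoted above (CVE-2011-3192), a request filter or log scanner can classify `Range` values before httpd processes them. The following is an added example, not code from this thread or from the Apache project; the function names, the `MAX_RANGES` threshold and the sample headers are assumptions constructed for illustration.

```python
import re

MAX_RANGES = 5  # assumed local policy threshold, not a value from the thread

# One byte-range-spec: "first-last", "first-" (open end) or "-suffix".
_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")


def parse_range(header):
    """Parse a 'bytes=' Range value into (first, last) pairs.

    None marks a missing bound. Raises ValueError on malformed input;
    this parser is deliberately strict and rejects empty list elements.
    """
    unit, sep, specs = header.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        raise ValueError("not a bytes range")
    ranges = []
    for spec in specs.split(","):
        m = _SPEC.match(spec)
        if not m or (m.group(1) == "" and m.group(2) == ""):
            raise ValueError(f"bad range spec: {spec!r}")
        first = int(m.group(1)) if m.group(1) else None  # None: suffix "-N"
        last = int(m.group(2)) if m.group(2) else None   # None: "N-" to EOF
        if first is not None and last is not None and first > last:
            raise ValueError(f"inverted range: {spec!r}")
        ranges.append((first, last))
    return ranges


def assess(header, max_ranges=MAX_RANGES):
    """Classify a Range value: ok, malformed, too-many-ranges, overlapping."""
    try:
        ranges = parse_range(header)
    except ValueError:
        return "malformed"
    if len(ranges) > max_ranges:
        return "too-many-ranges"
    # Suffix ranges depend on the file size, so only absolute ones are compared.
    absolute = sorted(
        (f, float("inf") if l is None else l) for f, l in ranges if f is not None
    )
    # After sorting by start, any overlap shows up between neighbours.
    for (_, prev_last), (next_first, _) in zip(absolute, absolute[1:]):
        if next_first <= prev_last:
            return "overlapping"
    return "ok"
```

Anything other than `ok` is a candidate for rejecting the request or stripping the header at a reverse proxy, depending on what legitimate clients of the site actually send.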

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
