On 6/24/2016 9:20 AM, James B. Byrne wrote:
We received a notice from our pci-dss auditors respecting this: CVE-2002-0510 The UDP implementation in Linux 2.4.x kernels keeps the IP Identification field at 0 for all non-fragmented packets, which could allow remote attackers to determine that a target system is running Linux.
2.4 kernels are kinda old. kinda really really old. are you still running CentOS 4 on PCI audited systems ?!??
-- john r pierce, recycling bits in santa cruz _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos
