oss-sec mailing list archives
Re: Thoughts on a vuln/CVE?
From: Florian Weimer <fweimer () redhat com>
Date: Tue, 18 Jun 2013 11:02:17 +0200
On 06/18/2013 08:44 AM, Kurt Seifried wrote:
However my original question still stands, can/should we consider a common configuration of software that goes from being secure to insecure to be worthy of a CVE? A lot of things that used to be common practice (like shipping every service/server enabled, all accounts active, all access enabled, anonymous uploads allowed, etc.) are now seen as security vulnerabilities/exposures.
We definitely do. A recent example is CVE-2012-4446. -- Florian Weimer / Red Hat Product Security Team
Current thread:
- Thoughts on a vuln/CVE? Kurt Seifried (Jun 17)
- Re: Thoughts on a vuln/CVE? Yves-Alexis Perez (Jun 17)
- Re: Thoughts on a vuln/CVE? Russ Allbery (Jun 17)
- Re: Thoughts on a vuln/CVE? Moritz Muehlenhoff (Jun 17)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 17)
- Re: Thoughts on a vuln/CVE? Florian Weimer (Jun 18)
- Re: Thoughts on a vuln/CVE? Simon McVittie (Jun 18)
- Re: Thoughts on a vuln/CVE? Dave Walker (Jun 18)
- Re: Thoughts on a vuln/CVE? Tim (Jun 18)
- Re: Thoughts on a vuln/CVE? Moritz Muehlenhoff (Jun 18)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 18)
- Re: Thoughts on a vuln/CVE? Florian Weimer (Jun 18)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 18)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 17)