oss-sec mailing list archives
Re: Thoughts on a vuln/CVE?
From: Tim <tim-security () sentinelchicken org>
Date: Tue, 18 Jun 2013 09:53:47 -0700
However my original question still stands, can/should we consider a common configuration of software that goes from being secure to insecure to be worthy of a CVE? A lot of things that used to be common practice (like shipping every service/server enabled, all accounts active, all access enabled, anonymous uploads allowed, etc.) are now seen as security vulnerabilities/exposures.
To me, it's a big grey area as far as assigning a CVE for stuff like this. But there's no reason we shouldn't raise awareness through venues like the various CERTs. Though it seems US-CERT is only really good at re-sending microsoft and apple advisories these days. =( tim
Current thread:
- Thoughts on a vuln/CVE? Kurt Seifried (Jun 17)
- Re: Thoughts on a vuln/CVE? Yves-Alexis Perez (Jun 17)
- Re: Thoughts on a vuln/CVE? Russ Allbery (Jun 17)
- Re: Thoughts on a vuln/CVE? Moritz Muehlenhoff (Jun 17)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 17)
- Re: Thoughts on a vuln/CVE? Florian Weimer (Jun 18)
- Re: Thoughts on a vuln/CVE? Simon McVittie (Jun 18)
- Re: Thoughts on a vuln/CVE? Dave Walker (Jun 18)
- Re: Thoughts on a vuln/CVE? Tim (Jun 18)
- Re: Thoughts on a vuln/CVE? Moritz Muehlenhoff (Jun 18)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 18)
- Re: Thoughts on a vuln/CVE? Florian Weimer (Jun 18)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 18)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 17)