top | item 28246346 (no title) bitlevel | 4 years ago Because it's not conjusive to a minimal attack surface - by way of example: https://www.helpnetsecurity.com/2019/02/13/cve-2019-7304/ discuss order hn newest Osiris|4 years ago Not to completely minimize it, but that says local attacker, not remote attacker. So someone would still have to gain access to the system in question in the first place. phone8675309|4 years ago Just because a server is headless does not mean that it isn't interactive in some way or running some user-submitted scripts or code.Also, compromising a service running as a user (not root) would be sufficient to then escalate.
Osiris|4 years ago Not to completely minimize it, but that says local attacker, not remote attacker. So someone would still have to gain access to the system in question in the first place. phone8675309|4 years ago Just because a server is headless does not mean that it isn't interactive in some way or running some user-submitted scripts or code.Also, compromising a service running as a user (not root) would be sufficient to then escalate.
phone8675309|4 years ago Just because a server is headless does not mean that it isn't interactive in some way or running some user-submitted scripts or code.Also, compromising a service running as a user (not root) would be sufficient to then escalate.
Osiris|4 years ago
phone8675309|4 years ago
Also, compromising a service running as a user (not root) would be sufficient to then escalate.