Re: PHP 5.2.5 when ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Sun, 13 Jan 2008 16:25:15 -0800
Ray Van Dolson <rayvd@xxxxxxxxxxxx> wrote:

> On Sun, Jan 13, 2008 at 02:14:04PM -0500, Mark Weaver wrote:
> > those patches didn't do much for keeping one of my systems from
> > being breached via php. from the looks of the web server logs as
> > well as the messages log file that's where they got in.
> > 
> > being the anul sort I am I first thought they'd breached the system
> > through ssh, but that wasn't the case.
> 
> I'd be willing to bet it was an application-specific hole that was
> utilized to breach your system.
>  
> Ray

That's always a possibility, but to my knowledge it wasn't anything I
was aware of at the time, and since I do most of my app development in
Perl it wasn't anything I personally wrote. The only other apps that
were on the system at the time was a php web site and forum. php-cli
was part of the problem; i.e. the weakness that made the exploit
possible. I personally can think of no reason at all for php-cli.

Mark
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux