Re: PHP 5.2.5 when ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Mark Weaver wrote:
while I understand why you'd like proof of concept for the exploit it's
not something I'd post on a public mailing list. Not to mention the
exploit was trashed when I reloaded the system. At the time it didn't
seem expedient for to save that which killed my server for posterity.

security@xxxxxxxxxx is where I'd expect you to post that to.

Also, if you dont know what you are fixing, you dont have anything to benchmark against 5.2.5 either.

As has already been pointed out in the thread, its highly likely that if the exploit was via a php app, its going to be an app specific exploit. Reloading that is going to bring that right back.

Selinux normally helps prevent situations like this.

- KB
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux