Re: PHP 5.2.5 when ?




On Mon, 14 Jan 2008 02:31:28 +0000
Karanbir Singh <kbsingh@xxxxxxxxxx> wrote:

> Mark Weaver wrote:
> > while I understand why you'd like proof of concept for the exploit
> > it's not something I'd post on a public mailing list. Not to
> > mention the exploit was trashed when I reloaded the system. At the
> > time it didn't seem expedient for me to save that which killed my
> > server for posterity.
> 
> security@xxxxxxxxxx is where I'd expect you to post that to.
> 
> Also, if you don't know what you are fixing, you don't have anything to
> benchmark against 5.2.5 either.
> 
> As has already been pointed out in the thread, it's highly likely that
> if the exploit was via a php app, it's going to be an app specific
> exploit. Reloading that is going to bring that right back.
> 
> SELinux normally helps prevent situations like this.
> 
> - KB

ah, yes... SELinux... Well, that was actually on the system at the time
of the "second" breach. Getting the apps existing on the web server to
play nicely in that environment was quite a trick, but they managed to
breach a second time anyway.

If I can find any remaining information from that time I'll post as
you've suggested.

Mark
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
