[XCSSA] spl2 and mazzer
xcssa@xcssa.org
xcssa@xcssa.org
Sun, 10 Sep 2006 07:18:48 -0500
Tom, yes this server does have Apache and PHP and no it doesn't have
SELinux. As for shell logins, yes, this server does allow shell
logins.
On 9/9/06, xcssa-admin@xcssa.org <xcssa-admin@xcssa.org> wrote:
> On Sunday 10 September 2006 00:16, xcssa-admin@xcssa.org wrote:
> > Has anybody come across a root shell exploit called spl2? Fortunately,
> > I caught it right after it happened and I've been trying to find what
> > this exploit exploits.
>
> Was this on a web server running PHP by chance? Does the server allow end
> user shell logins? Are you running SELinux? Can you enable it and see if it
> still works (use "setenforce 1" then test again).
>
> Tweeks
> _______________________________________________
> XCSSA mailing list
> XCSSA@xcssa.org
> http://xcssa.org/mailman/listinfo/xcssa
>
--
Jeremy