[XCSSA] spl2 and mazzer
xcssa@xcssa.org
xcssa@xcssa.org
Mon, 11 Sep 2006 00:14:03 +0000
Email me off list and we can talk about what you have and how to track some of
it down.
Tweeks
On Sunday 10 September 2006 12:18, xcssa-admin@xcssa.org wrote:
> Tom, yes this server does have Apache and PHP and no it doesn't have
> SELinux. As for shell logins, yes, this server does allow shell
> logins.
>
> On 9/9/06, xcssa-admin@xcssa.org <xcssa-admin@xcssa.org> wrote:
> > On Sunday 10 September 2006 00:16, xcssa-admin@xcssa.org wrote:
> > > Has anybody come across a root shell exploit called spl2? Fortunately,
> > > I caught it right after it happened and I've been trying to find what
> > > this exploit exploits.
> >
> > Was this on a web server running PHP by chance? Does the server allow
> > end user shell logins? Are you running SELinux? Can you enable it and
> > see if it still works (use "setenforce 1" then test again).
> >
> > Tweeks
> > _______________________________________________
> > XCSSA mailing list
> > XCSSA@xcssa.org
> > http://xcssa.org/mailman/listinfo/xcssa