On Mon, 14 Jan 2008 00:15:27 +0000 Karanbir Singh <kbsingh at centos.org> wrote: > Mark Weaver wrote: > > those patches didn't do much for keeping one of my systems from > > being breached via php. from the looks of the web server logs as > > well as the messages log file that's where they got in. > > I am still waiting for you to post some demonstrate-able exploit in > the distro supplied php packages. > > - KB while I understand why you'd like proof of concept for the exploit it's not something I'd post on a public mailing list. Not to mention the exploit was trashed when I reloaded the system. At the time it didn't seem expedient for to save that which killed my server for posterity. Mark