Linux Journal: Mambo Exploit Blocked by SELinux

August 16th, 2007

Linux Journal has published an interesting article, "Mambo Exploit Blocked by SELinux", by Richard Bullington-McGuire.

Mambo is a CMS written in PHP. At some point, the code was vulnerable to a worm, which breached Richard’s system. His article details how this breach was both detected and contained with SELinux, as configured with the default targeted policy under RHEL4.

It demonstrates one of the core goals of SELinux, which is to prevent flawed software from being exploited by malware. In this case, the payload was delivered into the system via a third-party PHP application, but was then prevented from doing any damage.

The article is also useful generally as an example of computer forensics procedures.
