Hacker News
by jlgaddis 4750 days ago
An outdated version of a PHP application (which had a public vulnerability) was attacked, allowing arbitrary code execution. The "exploit" attempted to download and execute a remote file via TFTP. Ultimately, a "remote shell" would end up being installed on the server.

SELinux, however, prevented the TFTP transfer from happening. We saw this in the audit logs, investigated, and discovered what had happened (and, of course, updated the PHP application).

If the attack had succeeded, I'm convinced that it eventually would have ended up as a full ("root-level") compromise.
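
An added example, not part of the comment above: a triage script for the kind of audit-log signal described, picking out SELinux AVC denials where a web server domain tried to use a network socket. The log lines are constructed, and the domain names `httpd_t` and `httpd_sys_script_t` are assumptions (the comment does not say which domain or permission was involved).

```python
import re

# Assumption: the web server and its scripts run in these SELinux domains.
WEB_DOMAINS = {"httpd_t", "httpd_sys_script_t"}
NET_CLASSES = {"tcp_socket", "udp_socket", "rawip_socket"}

AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): "
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \} for\s+(?P<fields>.*)"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for an AVC denial line, or None for anything else."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    rec["ts"] = float(m.group("ts"))
    # Contexts are user:role:type:level; the type field is the domain.
    rec["sdomain"] = rec.get("scontext", ":::").split(":")[2]
    return rec

def web_network_denials(lines):
    """Denials where a web server domain was refused a network socket operation."""
    hits = []
    for line in lines:
        rec = parse_avc(line)
        if rec and rec["sdomain"] in WEB_DOMAINS and rec.get("tclass") in NET_CLASSES:
            hits.append(rec)
    return hits

# Constructed sample audit.log lines (not taken from the incident described).
SAMPLE = [
    'type=AVC msg=audit(1364217600.101:901): avc:  denied  { name_bind } for  pid=4312 comm="tftp" src=32801 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket',
    'type=AVC msg=audit(1364217601.202:902): avc:  denied  { read } for  pid=4100 comm="httpd" name="notes.txt" dev=sda1 ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file',
    'type=AVC msg=audit(1364217602.303:903): avc:  denied  { name_connect } for  pid=5001 comm="ntpd" dest=8080 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket',
    'type=SYSCALL msg=audit(1364217600.101:901): arch=c000003e syscall=49 success=no exit=-13 pid=4312 comm="tftp"',
]

if __name__ == "__main__":
    for rec in web_network_denials(SAMPLE):
        print(rec["ts"], rec["comm"], rec["perms"], rec["tclass"], rec["tcontext"])
```

A web server process spawning a file-transfer client is rarely legitimate, so a hit here is worth investigating even though the action was blocked.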