Whitepaper discussing how to go from having a webshell to getting remote root using the GNU dynamic linker DSO vulnerability on Debian versions 5.0.6 and below and Ubuntu versions 10.04 and below.
ae6f799792df2bc63f6efc669e1ba990189cb2b0e37eae9470cd60171c0c72ba