Everything posted by amdphr3@kXP
-
true, shaft, the turbine in the jap spec supras are weak as they are ceramic, but put a big garrett on em and away ya go, the stock 2jz engine is rock solid, many performance tuning garages leave the engine stock as they dont need to modify it 2 pump out HP. They are both fast cars...I just prefer the supra
-
ah k...weird kinda prob u got there...did u upgrade from win2k or fresh install win2k3?
-
U cant install windows messenger on win9x, id say what has happened is the uninstall file hasnt been installed properly when u set up messenger 5, or it hasnt registered it properly. Ur only option is to reinstall messenger 5 to see if it will reinstall the uninstall file. If that dont work, you will hav to go into your registry and delete any keys created by msn 5, then delete the filez/system filez that it installed. Do the last thing i mentioned at ur own risk, as i do not know what system files that it uses
-
huh i cant upload! Is there a limit on how many posts u need 2 hav b4 u can?
-
cool let me kno how it works out
-
hav u got ur cd drives plugged into a separate ide channel from the hdd? I was experiencing the same prob with my 40 gig barracuda when i had the cdrom and the hdd on the same cable. If u hav the cdrom plugged into the same cable as the hdd, disconnect it and connect it to the same cable as the other cd drive
-
lol my supra will own both the evo and the z4
-
Im an aussie, from newcastle beat ya to it dude, number 1
-
Yeh 4 sure! Id love to get my hands on a supra, skyline, 180sx/silvia or an RX7 but the prob is $$$. Hopefully when i finally get qualified to get a job as a network admin i might b able 2 buy one . But hey, at the end of the day, ur only allowed to drive as fast as the speed limit lets ya (without losing ur licence), so i dont see the point in a fast car like that, they look nice, but unless u hav access to a track, theres pretty much nowhere to unleash their potential without losing ur licence or goin 2 jail.
-
to make windows xp have a side tray thingy like longhorn? It looks nice and fairly useful, just wondering if theres any way to put something similar in winxp
-
glad ya enjoy it here
-
I come across this nifty tool, its quite useful for testing your security, called X-scan, it can test your defense against anything from netbios exploits to IIS exploits You can get it 4 free from http://www.xfocus.org/
-
from my experiences, i have found windows and linux just as exploitable as each other, a mate had a winxp box and a linux box and i was able to exploit one of these as easy as the other, they aren't very secure, as long as an attacker knows what he/she is doing, they can exploit either linux or windows with ease
-
Welcome to MSFN shaft, im from aust as well, hope u enjoy the site
-
Welcome to MSFN lindakay, hope you enjoy the site. Any PC probs, the support forums are the place to ask to get answers
-
Debian Security Advisory

Affected Packages: kernel

A number of vulnerabilities have been discovered in the Linux kernel.

CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall).

CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets.

CAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.

CAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain.

CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.

CAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops").

CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.

CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions.

This advisory covers only the i386 (Intel IA32) architectures. Other architectures will be covered by separate advisories.

For the stable distribution (woody) on the i386 architecture, these problems have been fixed in kernel-source-2.4.18 version 2.4.18-9, kernel-image-2.4.18-1-i386 version 2.4.18-8, and kernel-image-2.4.18-i386bf version 2.4.18-5woody1. For the unstable distribution (sid) these problems are fixed in the 2.4.20 series kernels based on Debian sources.

It is recommended that you upgrade your kernel packages.

If you are using the kernel installed by the installation system when the "bf24" option is selected (for a 2.4.x kernel), you should install the kernel-image-2.4.18-bf2.4 package. If you installed a different kernel-image package after installation, you should install the corresponding 2.4.18-1 kernel. You may use the table below as a guide.

| If "uname -r" shows: | Install this package: |
| 2.4.18-bf2.4 | kernel-image-2.4.18-bf2.4 |
| 2.4.18-386 | kernel-image-2.4.18-1-386 |
| 2.4.18-586tsc | kernel-image-2.4.18-1-586tsc |
| 2.4.18-686 | kernel-image-2.4.18-1-686 |
| 2.4.18-686-smp | kernel-image-2.4.18-1-686-smp |
| 2.4.18-k6 | kernel-image-2.4.18-1-k6 |
| 2.4.18-k7 | kernel-image-2.4.18-1-k7 |

NOTE: that this kernel is not binary compatible with the previous version. For this reason, the kernel has a different version number and will not be installed automatically as part of the normal upgrade process. Any custom modules will need to be rebuilt in order to work with the new kernel.
-
GNU gzexe Temporary File Vulnerability

It has been reported that gzexe uses temporary files insecurely. During execution, an instance of gzexe creates a symbolic link in /tmp with a filename based on its process ID. This creates a race condition that may be exploited by local users to corrupt files writeable by target users.

SYSTEMS AFFECTED

GNU gzip 1.2.4 a
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Linux Mandrake 7.0
+ MandrakeSoft Linux Mandrake 7.1
+ MandrakeSoft Linux Mandrake 7.2
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft Linux Mandrake 8.1 ia64
+ MandrakeSoft Single Network Firewall 7.2
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 sparc
+ SGI IRIX 6.5
+ SGI IRIX 6.5.1
+ SGI IRIX 6.5.2
+ SGI IRIX 6.5.3
+ SGI IRIX 6.5.4
+ SGI IRIX 6.5.5
+ SGI IRIX 6.5.6
+ SGI IRIX 6.5.7
+ SGI IRIX 6.5.8
+ SGI IRIX 6.5.9
+ SGI IRIX 6.5.10
+ SGI IRIX 6.5.11 f
+ SGI IRIX 6.5.11 m
+ SGI IRIX 6.5.12 f
+ SGI IRIX 6.5.12 m
+ SGI IRIX 6.5.13 f
+ SGI IRIX 6.5.13 m
+ SGI IRIX 6.5.14 f
+ SGI IRIX 6.5.14 m
+ SGI IRIX 6.5.15 f
+ SGI IRIX 6.5.15 m
+ Trustix Secure Linux 1.1
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.5

GNU gzip 1.2.4
+ Debian Linux 2.2 68k
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 sparc
+ RedHat Linux 5.2 alpha
+ RedHat Linux 5.2 i386
+ RedHat Linux 5.2 sparc
+ RedHat Linux 6.0
+ RedHat Linux 6.0 alpha
+ RedHat Linux 6.0 sparc
+ RedHat Linux 6.1 alpha
+ RedHat Linux 6.1 i386
+ RedHat Linux 6.1 sparc
+ Slackware Linux 7.0
+ Slackware Linux 7.1
+ Slackware Linux 8.0
+ Sun Solaris 8.0
+ Sun Solaris 8.0 _x86

GNU gzip 1.3
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.2 i386

GNU gzip 1.3.2
+ Debian Linux 3.0
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 sparc

SOLUTION

Debian has issued upgrades that will eliminate the vulnerability in Debian packages. See DSA-308-1 (in the reference section) for URLs.

TECHNICAL DETAILS

It has been discovered that znew, a script included in the gzip package, creates its temporary files without taking precautions to avoid a symlink attack (CAN-2003-0367). The gzexe script has a similar vulnerability which was patched in an earlier release but inadvertently reverted.

For the stable distribution (woody) both problems have been fixed in version 1.3.2-3woody1. For the old stable distribution (potato) CAN-2003-0367 has been fixed in version 1.2.4-33.2. This version is not vulnerable to CVE-1999-1332 due to an earlier patch. For the unstable distribution (sid) this problem will be fixed soon.
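The temporary-file weakness described in the post above, shown in C with its fix. This is an added example, not part of the original post and not code from gzip; the function names and the `/tmp/gzdemo` scenario are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Name derived from the PID, as in the advisory, so it is guessable.
 * excl=0: plain O_CREAT follows a link already placed at that name.
 * excl=1: O_EXCL fails with EEXIST on any existing entry, links included. */
int open_pid_named(const char *dir, char *path, size_t len, int excl)
{
    snprintf(path, len, "%s/gz%ld", dir, (long)getpid());
    return open(path, O_WRONLY | O_CREAT | (excl ? O_EXCL : O_TRUNC), 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and creates the file
 * exclusively with mode 0600 in one step. */
int open_mkstemp(const char *dir, char *path, size_t len)
{
    snprintf(path, len, "%s/gzXXXXXX", dir);
    return mkstemp(path);
}

/* Constructed scenario: a symlink to a "victim" file already sits at the
 * predictable name. Returns 1 if the victim was truncated, 0 if intact. */
int victim_clobbered(int use_exclusive)
{
    char dir[] = "/tmp/gzdemoXXXXXX", victim[64], tmp[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "data", 4) != 4) return -1;
    close(fd);
    snprintf(tmp, sizeof tmp, "%s/gz%ld", dir, (long)getpid());
    if (symlink(victim, tmp) != 0) return -1;
    fd = open_pid_named(dir, tmp, sizeof tmp, use_exclusive);
    if (fd >= 0) close(fd);
    if (stat(victim, &st) != 0) return -1;
    unlink(tmp); unlink(victim); rmdir(dir);
    return st.st_size == 0;
}
```

Shell scripts such as znew and gzexe get the same guarantee from `mktemp`, which creates the file exclusively before returning its name.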
-
[LSD] HP-UX security vulnerabilities

1. /usr/sbin/lanadmin /usr/sbin/landiag

The vulnerability in the lanadmin and landiag programs is caused by improper handling of the TERM environment variable in the setupterm() function - it copies this variable without any size checking into the stack buffer with the use of strcpy function. This bug can be triggered by invoking lanadmin or landiag program with TERM environment variable set to a long string value. When appropriately exploited it can lead to a local root compromise of a vulnerable system.

2. /opt/sharedprint/bin/pcltotiff

There exists a buffer overflow vulnerability in the command line parsing code portion of the pcltotiff program. This bug can be triggered by invoking pcltotiff program with a long string argument passed with the -t command line option. During program execution, this argument is further insecurely copied into the stack buffer with the use of strcpy() function and without any size checking. When appropriately exploited this bug can lead to privilege elevation attack as group id of bin can be gained on a vulnerable system.

3. rpc.yppasswdd

The rpc.yppasswdd service is typically installed with NIS (Network Information Service) subsystem. The purpose of this service is to handle password change requests from yppasswd program. In the HP-UX operating system, the rpc.yppasswdd is installed as RPC service number 100009. We have found that there exists the same security vulnerability in HP-UX rpc.yppasswdd like in Solaris operating system (Bulletin Number #00209). This vulnerability can be remotely exploited to gain unauthorised access to the target HP-UX system with administrative (root user) privileges.

The vulnerability can be triggered by sending carefully crafted string argument to the YPPASSWDPROC_UPDATE function. This function has two arguments: a character string and a passwd struct (in our proof of concept code we only send a string instead of the whole structure), which stand for respectively the oldpass and passwd struct (in our case pw_name string). In the changepasswd() function the pw_name field of the passwd structure is copied to a fixed buffer with the use of strcpy() function call. As this call is done without any checking of the string length and boundaries, program stack can be overwritten in a result of a buffer overflow condition.

Below you can see a detailed trace log from our bptrace tool, which clearly illustrates the rpc.yppasswdd execution path that leads to the overflow condition.

[21110] 0x00012a98 1 changepasswd()
[21110] 0x00025480 1 memset(0xffbefa30,0,40)
[21110] 0x00014448 1 xdr_yppasswd()
[21110] 0x00025738 1 xdr_wrapstring()
[21110] 0x00014374 1 xdr_passwd()
[21110] 0x00025744 1 xdr_uid_t()
[21110] 0x00025750 1 xdr_gid_t()
[21110] 0x000126b4 1 validstr()
[21110] 0x0002545c 1 strlen("")
[21110] 0x000255b8 1 strchr("",':')
[21110] 0x000126b4 2 validstr()
[21110] 0x000126b4 3 validstr()
[21110] 0x00025474 1 strcmp("udp","ticlts")
....
[21110] 0x00025438 1 strcpy(0xffbef9d8,"overlfow string with shellcode")

4. /usr/lib/X11/Xserver/ucode/screens/hp/rs.F3000

This vulnerability results from bad coding practices, specifically the way system() function call is used throughout the code of rs.F30002 program. This function call is used by rs.F30002 for invoking external programs (like rm) without specifying their absolute path. If PATH environment variable is appropriately set prior to such an unsafe system() call invocation, user programs can be executed at elevated privileges (user=daemon).

5. /usr/bin/stmkfont

Simple buffer overflow vulnerability exists in the command line parsing code portion of the stmkfont program. This bug can be triggered by invoking stmkfont program with a long string argument. When appropriately exploited it can lead to privilege elevation attack as group id of bin can be gained on a vulnerable system.

6. /usr/bin/uucp

The buffer overflow vulnerability exists in the command line parsing code portion of the uucp program. This bug can be triggered by invoking uucp program with a long string argument as option. When appropriately exploited it can lead to the privilege elevation attack as user id of uucp can be gained on a vulnerable system.

7. /usr/bin/uusub

The buffer overflow vulnerability exists in the command line parsing code portion of the uusub program. This bug can be triggered by invoking uusub program with a long string argument passed with -a command line option. When appropriately exploited it can lead to the privilege elevation attack as user id of uucp can be gained on a vulnerable system.
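Two of the coding faults listed in the post above (item 1, an unchecked copy of an environment variable; item 4, running a helper through PATH) written the safe way in C. This is an added example, not part of the original post or of any HP-UX source; `copy_env_bounded` and `run_absolute` are hypothetical names.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Copy an environment value into a fixed buffer. A value that does not fit
 * is rejected (-2) rather than truncated; strcpy() would overflow instead.
 * Returns the copied length, -1 if the variable is unset. */
int copy_env_bounded(const char *name, char *dst, size_t dstlen)
{
    const char *v = getenv(name);
    if (!v) return -1;
    size_t n = strlen(v);
    if (n >= dstlen) return -2;
    memcpy(dst, v, n + 1);          /* n + 1 includes the terminating NUL */
    return (int)n;
}

/* Run a helper by absolute path with a fixed environment, so the caller's
 * PATH is never consulted (unlike system("rm ...")). Returns the child's
 * exit status, or -1 on error or if the path is not absolute. */
int run_absolute(const char *abs_path, char *const argv[])
{
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    if (abs_path[0] != '/') return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execve(abs_path, argv, clean_env);  /* no shell, no PATH search */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```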
-
Nokia GGSN (IP650 Based) DoS

Application: Nokia GGSN (IP650 Based)
Platform: Nokia GGSN (IP650 Based)
Severity: An attacker is able to cause GGSN to kernel panic

Overview: Nokia's (http://www.nokia.com) GGSN (Gateway GPRS support node) is the platform that exists between Gn and Gi networks within a GPRS network. There exists a vulnerability in the TCP stack that allows an attacker to cause the GGSN to kernel panic and shutdown. This potentially allows an attacker to crash all data connectivity within a GPRS based network. This is a good example of why network elements which introduce IP functionality to legacy networks should have their functionality verified in terms of impact on security before deployment in a production environment.

This vulnerability is exploited by sending a malformed IP packet with a TCP option of 0xFF over a cellphone to the affected network.
-
[LeapFTP] "PASV" Reply Buffer Overflow Vulnerability

PRODUCT : LeapFTP
VERSIONS : 2.7.3.600
VENDOR : LeapWare (http://www.leapware.com/)
SEVERITY : Critical. Code Execution.

The buffer overflow occurs on the stack area if the reply that contains a long string is returned from a server for the "PASV" command request. By exploiting this vulnerability, an attacker can execute an arbitrary code on the user's system if the user connects to the malicious server.

With this vulnerability, there could be following risks;
* Infection with Virus or Trojan, etc.
* Destruction of the system.
* Leak or alteration of the local data.

SYSTEMS AFFECTED

LeapFTP 2.7.3.600
And previous versions may have same vulnerability.
-
[smartFTP] Two Buffer Overflow Vulnerabilities

PRODUCT : SmartFTP
VERSIONS : 1.0.973
VENDOR : SmartFTP (http://www.smartftp.com/)
SEVERITY : Critical. Code Execution.

SmartFTP has following two buffer overflow vulnerabilities;

1. The buffer overflow vulnerability in the reply for PWD command.
If the reply that contains a long address is returned from a server for "PWD" command request, the buffer overflow occurs on the stack area. By exploiting this vulnerability, an attacker can execute an arbitrary code on the user's system if the user connects to the malicious server.

2. The heap buffer overrun vulnerability in the File List.
If the File List that contains a line of long string is returned from a server, the buffer overrun occurs on the heap area. By exploiting this vulnerability, an attacker possibly could execute an arbitrary code on the user's system if the user connects to the malicious server.

With these vulnerabilities, there could be following risks;
* Infection with Virus or Trojan, etc.
* Destruction of the system.
* Leak or alteration of the local data.
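Both the LeapFTP post and the SmartFTP post above describe an FTP client that trusts the length of a server reply. The C below parses PASV and PWD replies with explicit bounds. It is an added example, not part of the original posts and not code from either product; the function names and the 512-byte line cap are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

#define FTP_LINE_MAX 512   /* assumed cap on one reply line */

/* Parse "227 ... (h1,h2,h3,h4,p1,p2)". Each field is at most three digits
 * and must be 0..255; anything else is rejected. Returns 0 on success. */
int parse_pasv(const char *reply, unsigned char ip[4], unsigned *port)
{
    unsigned v[6];
    char end;
    if (strnlen(reply, FTP_LINE_MAX + 1) > FTP_LINE_MAX) return -1;
    if (strncmp(reply, "227 ", 4) != 0) return -1;
    const char *p = strchr(reply, '(');
    if (!p || sscanf(p, "(%3u,%3u,%3u,%3u,%3u,%3u%c", &v[0], &v[1], &v[2],
                     &v[3], &v[4], &v[5], &end) != 7 || end != ')')
        return -1;
    for (int i = 0; i < 6; i++)
        if (v[i] > 255) return -1;
    for (int i = 0; i < 4; i++)
        ip[i] = (unsigned char)v[i];
    *port = v[4] * 256 + v[5];
    return 0;
}

/* Parse 257 "<path>" ... into out. A doubled quote inside the path stands
 * for one quote (RFC 959). A path that does not fit is rejected, never
 * truncated. Returns the path length, or -1 on error. */
int parse_pwd(const char *reply, char *out, size_t outlen)
{
    if (outlen == 0 || strnlen(reply, FTP_LINE_MAX + 1) > FTP_LINE_MAX)
        return -1;
    if (strncmp(reply, "257 \"", 5) != 0) return -1;
    size_t n = 0;
    for (const char *p = reply + 5; *p; p++) {
        if (*p == '"') {
            if (p[1] != '"') { out[n] = '\0'; return (int)n; }
            p++;                        /* "" -> one literal quote */
        }
        if (n + 1 >= outlen) return -1; /* keep room for the NUL */
        out[n++] = *p;
    }
    return -1;                          /* no closing quote */
}
```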
-
In this post, i will post information on the latest exploits, this will (hopefully) be useful for everyone to help keep their pc's and servers secure
-
in the process of changing it...my host got cut...
-
[crafty] and i started a site. You can find it at http://**********. Not really warez related, just got ftp'z n stuff, u can find the ftpz in our public ftps forum Link edited by admin