http://www.inkatel.com/index.php Thu, 05 Jun 2008 09:56:19 +0000 http://backend.userland.com/rss092 en Idefense has published my advisory about a potential security vulnerability in Skype. Explotation of this issue allows an attacker to execute arbitrary code. To exploit it, an attacker needs to construct and send to the victim (as a skype chat message) a malicious file: URI. There are two flaws with this ... http://www.inkatel.com/index.php/2008/06/05/skype-file-uri-security-bypass-code-execution-vulnerability/ There is a new Tvision version (released on 20/11/2007). You need it if you want to recompile Tvision for IDAPro 5.2. The patch to launch IDA in background doesn't work with this Tvision package, so i have released a new patch for it. Enjoy it. Tvision patch for IDALinux (Version 0.2) ... http://www.inkatel.com/index.php/2008/05/16/idalinux-in-background-new-patch-for-tvision-release-20112007/ The three load-average values in the first line of top output (you could use uptime or w (who) command too) are the 1-minute, 5-minute and 15-minute load average of the system. But what does load average really mean?. Reading from left to right, these values are the CPU load average ... http://www.inkatel.com/index.php/2008/02/18/load-average-what-does-it-mean/ This is my last discovered vulnerability. It's a vulnerability in a Trend Micro product. Read the Idefense advisory. I had developed a PoC for W2K SP4 however a PoC for WinXP is hard to develop because i couldn't find a call esp, or similar instruction, with an unicode address ... http://www.inkatel.com/index.php/2007/09/16/trend-micro-ssapi-long-path-buffer-overflow-vulnerability/ In april I shared with Eset two discovered vulnerabilities (two stack overflow) in NOD32 Antivirus. they are very basic threats but can lead to local/remote arbitrary code execution. Eset was contacted on April 19 and I receive a fast response. The comunication with Eset had been great, and the threats were ... http://www.inkatel.com/index.php/2007/05/20/nod32-antivirus-long-path-name-stack-overflow-vulnerability/ Sometime, when you are compiling some big applications inside UML, you can get a UML hang with the error: Bus error - the /dev/shm or /tmp mount likely just ran out of space Kernel panic - not syncing: Kernel mode signal 7 After some research and googling i could solve the problem. ... http://www.inkatel.com/index.php/2007/04/12/user-mode-linux-bus-error-the-devshm-or-tmp-mount-likely-just-ran-out-of-space/ Ida use Linux Tvision to show the Ida interface in Linux systems. This library doesn't allow I/O redirections (redirected stdin/stdout), launch ida in background (with &) or launch ida from a script in a webserver. Sometimes is useful to launch ida in background (with -B option, automated ida analysis with idc ... http://www.inkatel.com/index.php/2006/11/17/idalinux-in-background-or-without-output-to-the-screen/ Last week i was trying to resize a W2K3 partition of a vmware disk image. I couldn't install Partition Magic 7, because it's not compatible for W2K3 Server, and i was lost since a find a great utility from MS: Diskpart. With this command line tool is easy to resize ... http://www.inkatel.com/index.php/2006/10/17/diskpart-or-how-to-resize-a-partition-in-w2k3/ Here i am again. I succesfully compiled IdaPython 0.8.0 for Ida Pro 5.0 . I used 4.9 sdk version (yes, finally Ida SDK is compatible between versions, thanks Ilfak), but when i tried to use MySQLdb module (import MySQLdb) in a script inside Ida, i got the following error: ImportError: /usr/lib/python2.4/site-packages/_mysql.so: ... http://www.inkatel.com/index.php/2006/07/20/idapython-with-mysqldb-support/ After hours of probes, i have finally compile Linux TVision for IDA Pro. First of all, you need idasdk (i have use idasdk49): 1. Cd to idasdk directory 2. Untar & Unzip TVision source code (http://www.datarescue.com/freefiles/tvision_level_l.tgz) in idasdk directory. 2b. [NEW] Edit the allmake.unx file to modify path to the sdk (the IDA ... http://www.inkatel.com/index.php/2006/06/30/howto-compile-linux-tvision-for-ida-pro/