An information disclosure vulnerability exists when Centaur and TitanSMA fail to properly protect critical system logs such as 'syslog'. Additionally, the implemented Jetty version (9.4.z-SNAPSHOT) suffers from a memory leak of shared buffers that was (supposedly) patched in Jetty version 9.2.9.v20150224.

Nanometrics Centaur version 4.3.23 suffers from an unauthenticated remote memory leak vulnerability.

Red Hat Security Advisory 2020-1715-01 - The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Issues addressed include a memory leak vulnerability.

Red Hat Security Advisory 2020-1735-01 - The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Issues addressed include denial of service and memory leak vulnerabilities.

Red Hat Security Advisory 2020-1984-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a memory leak vulnerability.

SGI Security Advisory 20040503-01-P - Under certain conditions, rpc.mountd goes into an infinite loop while processing some RPC requests, causing a denial of service. Affected releases: SGI IRIX 6.5.x.

SGI Security Advisory 20040507-01-P - Adam Gowdiak from the Poznan Supercomputing and Networking Center has reported that under certain conditions the /usr/sbin/cpr binary can be forced to load a user provided library while restarting the checkpointed process which can then be used to obtain root user privileges. All versions of IRIX prior to 6.5.25 are affected.

SGI Security Advisory 20040601-01-P - Adam Gowdiak from the Poznan Supercomputing and Networking Center has reported that under certain conditions non privileged users can use the syssgi system call SGI_IOPROBE to read and write kernel memory which can be used to obtain root user privileges. Patches have been released for this and other issues. At this time, IRIX versions 6.5.20 to 6.5.24 are considered susceptible.

NetBSD Security Advisory 2004-010 - Some of the functions in /usr/src/sys/compat/ which implement execution of foreign binaries (such as Linux, FreeBSD, IRIX, OSF1, SVR4, HPUX, and ULTRIX) use argument data in unsafe ways prior to calling the kernel syscall.

iDEFENSE Security Advisory 01.13.05-3 - Local exploitation of a design error vulnerability in the inpview command included in multiple versions of Silicon Graphics Inc.'s IRIX could allow for arbitrary code execution as the root user. iDEFENSE has confirmed the existence of this vulnerability in SGI IRIX version 6.5.9 (feature) and 6.5.22 (maintenance).

Secunia Security Advisory - Two vulnerabilities have been reported in SGI IRIX, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges and disclose some sensitive information.

iDEFENSE Security Advisory 04.07.05 - Local exploitation of an information disclosure vulnerability in the gr_osview command included in multiple versions of Silicon Graphics Inc.'s IRIX Operating System could allow for the disclosure of sensitive information such as the root user's password hash. The vulnerability specifically exists in the way that gr_osview opens user-specified description files without dropping privileges. When this is combined with the debug option, it is possible to dump a line from an arbitrary file, regardless of its protection.

iDEFENSE Security Advisory 04.07.05 - Local exploitation of a file overwrite vulnerability in the gr_osview command included in multiple versions of Silicon Graphics Inc.'s IRIX operating system could allow for the overwriting of arbitrary files, regardless of permissions. The vulnerability specifically exists in the way that gr_osview opens user specified files without dropping privileges. When a file is specified using the -s option, it will be opened regardless of permissions, and operating system usage information will be written into it.

Secunia Security Advisory - A security issue has been reported in SGI IRIX, which potentially can be exploited by malicious users to disclose and modify sensitive information.

Secunia Security Advisory - SGI has acknowledged a vulnerability in IRIX, which can be exploited by malicious people to compromise a vulnerable system.

Snare for Apache provides a remote distribution facility for Apache Web server logs. It is known to run on most Unix variations, including Linux, Solaris, AIX, Tru64, and Irix. Snare for Apache can be used to send data to either a remote or local SYSLOG server, or the Snare Server for centralized collection, analysis, and archival.

Snare for Squid provides a remote distribution facility for Squid proxy server logs, and is known to run on most Unix variations, including Linux, Solaris, AIX, Tru64, and Irix. Snare for Squid can be used to send data to either a remote or local SYSLOG server, or the Snare Server for centralized collection, analysis, and archival.

iDEFENSE Security Advisory 10.10.05-1 - Local exploitation of a design error vulnerability in the runpriv command included in multiple versions of Silicon Graphics Inc.'s IRIX could allow for arbitrary code execution as the root user. iDEFENSE has confirmed the existence of this vulnerability in SGI IRIX version 6.5.22 (maintenance). It is suspected that previous and later versions of both the feature and maintenance revisions of IRIX 6.5 are also vulnerable.

SGI IRIX 6.5 local root exploit that makes use of /usr/sysadm/bin/lezririx.

SGI IRIX 6.5 /usr/sysadm/bin/runpriv local root exploit.

IRIX MIPS processor shellcode. Tested on R12000 process with system IRIX64 6.5.26m.

This Metasploit module exploits an arbitrary command execution flaw in the in.lpd service shipped with all versions of Irix.

rpc.pcnfsd suffers from a syslog related format string vulnerability. IBM AIX versions 6.1.0 and below, IRIX 6.5 and HP-UX versions 11.11, 11.23 and 11.31 are all affected.

fwlogwatch is a packet filter and firewall log analyzer with support for Linux ipchains, Linux netfilter/iptables, Solaris/BSD/HP-UX/IRIX ipfilter, Cisco IOS, Cisco PIX/ASA, Netscreen, Elsa Lancom router, and Snort IDS log files. It can output its summaries in text and HTML and has a lot of options. fwlogwatch also features a realtime anomaly response capability with a Web interface.

IRIX suffers from local kernel memory disclosure and denial of service vulnerabilities.

Secunia Security Advisory - A vulnerability has been reported in SGI IRIX, which can be exploited by malicious, local users to disclose potentially sensitive information and cause a DoS (Denial of Service).

fwlogwatch is a packet filter and firewall log analyzer with support for Linux ipchains, Linux netfilter/iptables, Solaris/BSD/HP-UX/IRIX ipfilter, Cisco IOS, Cisco PIX/ASA, Netscreen, Elsa Lancom router, and Snort IDS log files. It can output its summaries in text and HTML and has a lot of options. fwlogwatch also features a realtime anomaly response capability with a Web interface.

Sites designed by IRIX suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

fwlogwatch is a packet filter and firewall log analyzer with support for Linux ipchains, Linux netfilter/iptables, Solaris/BSD/HP-UX/IRIX ipfilter, Cisco IOS, Cisco PIX/ASA, Netscreen, Elsa Lancom router, and Snort IDS log files. It can output its summaries in text and HTML and has a lot of options. fwlogwatch also features a realtime anomaly response capability with a Web interface.

SGI IRIX versions 6.4.x and below run-time linker (rld) arbitrary file creation exploit.

Malware Analysis Part I - This guide is the first part of a series of three where we begin with setting up the very foundation of a analysis environment; the analysis station. It will give the reader a quick recap in the different phases of malware analysis along with a few examples. It will then guide the reader in how to build an analysis station optimized for these phases. Along with this, the guide also introduces a workflow that will give the reader a good kick-start in performing malware analysis on a professional basis, not only on a technical level.

rcrypt is a Windows PE binary crypter (a type of packer) that makes use of timelock techniques to cause a delay in execution. This delay can cause analysis to fail on time constrained systems such as on disk scanners. rcrypt can pack exes and dll files. It bypasses KAV and many others. Archive password is 0xrage.com.

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

PalmCrack, the password testing tool for the Palm Computing Platform. Designed to help security professionals determine the strength of passwords, PalmCrack is able to check UNIX and NT passwords against a dictionary and decrypt certain Cisco router passwords. PalmCrack runs on PalmOS 2 and PalmOS 3 devices, including the PalmPilot Professional through the PalmVII and the IBM WorkPad series.

Documentation for TBA, the first wardialer for the PalmOS platform. In Microsoft Word format.