Security :: Error "Sending Internet Explorer "Aurora" Memory Corruption To Client 10.64.35.52"
Jan 23, 2011
I have a problem running the Metasploit tool in BackTrack. When I used the aurora exploit (windows/shell/bind_tcp), it started a server for me running on my IP address on port 8080.
When the target PC tries to access that web page, an error appears saying: "Sending internet explorer "Aurora" Memory Corruption to client 10.64.35.52". You can check out the attached file. Any hint to solve this problem so the session can start?
I am new to C and Linux. My code below does arbitrary writes but I can't figure out where or how it does it.
I am calling the insertNode() function with seq = 'MISSISSPPI$' and alphabets = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ$'
Code:
A weird behaviour I should mention is that when I check for a NULL pointer in node->child[index], the unassigned values are not null anymore; they point to arbitrary memory.
I have been using Squid Server for the last 5 years. There is a site, "http://www.firstflight.net", which was accessible until a few days ago, but now I am unable to access it. If I use IE8, I get the error below:
"Internet Explorer cannot display the webpage"
Or, using Google Chrome, I get the error:
"This webpage is not available The webpage at http://www.firstflight.net/ might be temporarily down or it may have moved permanently to a new web address. Error 330 (net::ERR_CONTENT_DECODING_FAILED): Unknown error."
This is my first post in these forums. I'm still quite new to Linux (using Mint 9), so please bear with my not-very-articulate question(s). When I boot up and open a tty terminal I get a message saying "Memory corruption detected in low memory." I've done an extensive Google search about the issue and it seems not uncommon. I ran a memtest with no errors returned, so I'm sure that there's nothing really wrong with the memory; apparently it's a bug in the kernel that's causing this.
In my network I have 25 workstations and some servers. Everything works in a local LAN with a firewall. The problem is that on one machine (I don't know which one) there is software installed which is sending data to the internet. Actually, I don't know what it is. Last time, as I remember, it was a trojan which can create new network interfaces in Windows and send some data to the internet. Half the speed of my network connection is used by this infected machine. How can I detect which machine it is? How can I listen to/capture some traffic and analyze which machine I have more connections from?
Please take a look at these times. Instead of 141-150ms it should be 4-5ms.
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=1 ttl=249 time=141 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=2 ttl=249 time=135 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=3 ttl=249 time=147 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=4 ttl=249 time=127 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=5 ttl=249 time=156 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=6 ttl=249 time=129 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=7 ttl=249 time=188 ms
How can I detect which machine is infected using only Linux and a keyboard?
I configured sendmail with SquirrelMail in RHEL5.3.
It is working fine. I can send and receive mail.
But when I try to send mail, an SELinux error comes up (but the mail is sent successfully). I don't understand this message.
Quote:
Summary:
SELinux is preventing sendmail (system_mail_t) "read" to eventpoll (httpd_t).
Detailed Description:
SELinux denied access requested by sendmail. It is not expected that this access is required by sendmail and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for eventpoll,
restorecon -v 'eventpoll'
If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ(url) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (url) against this package.
When I am trying to run my application on RHEL 6 (Kernel 2.6*), I am getting the following error: *** glib detected *** ./corenms:malloc(); memory corruption : 0x086691d0 ***
I wrote a multithreaded program (approx. 1000 threads have to run) and each thread has to parse a file (for each thread there is one file, e.g. thread1 has to parse file1 and thread2 has to parse file2, and so on). I wrote the "parse" program as follows. It works well if I create 50 threads, but if I run more than 200 threads I get double free corruption as follows:
And sometimes I get a parsing problem and an error as follows:
Code:
powersetting.6607:1: parser error : Start tag expected, '<' not found (where powersetting.6607 is file name, when i check this file it is started with '<').
I have a desktop PC which initially had the Intel D946gzis mobo, its chipset as video controller, some RAM and so. There I installed Debian without a problem alongside WindowsXP.
I've bought an ASUS HD 4670 video card, installed it on the PC and now the installed Debian does not work, while the Ubuntu live CD refuses to run no matter if I set acpi, apic on or off... it throws me some low memory corruption at position just like shown here. With normal configuration, Debian throws a kernel panic (keyboard lights blinking). Has anyone faced this before? Ideas? Thanks!! (meanwhile, Debian hides in a VirtualBox :'( )
Edited: Tried Ubuntu 9.10 x64 (due to the fact I've a Core 2 Duo at 2GHz) and it throws a kernel panic at me (flashing caps and num LEDs). On screen, different lines can be read with things like:
Is it possible to run Internet Explorer on Ubuntu without using wine? I use some sites which are only compatible with IE. The sites require Internet Explorer version 5.0 or above.
Does anyone know a way to install Internet Explorer 7-8-9 on Ubuntu? I installed Ubuntu a couple of months back and I start work next month developing websites. Without IE 7-8-9 I need to go back to Windows and I really don't want that.
Slow access to web site using Squid and Internet Explorer. I am trying to troubleshoot an issue I am stuck on. We have a website that is loading .htm documents extremely slowly when using Internet Explorer 8 behind Squid. When we bypass the proxy and go directly out to the internet all is fast and pages load fine. But when the proxy is on, documents will sometimes take up to 6 minutes to load. This issue is only apparent using Internet Explorer 8. I do not see the issue when using Firefox with Squid. I have tried to use the no_cache directive thinking it may have been the cache, but that didn't work either. I am attaching our access.log, store.log and squid.conf.
I have a very simple PHP web application deployed on a Linux (CentOS 4) machine. It creates a file and stores the file in the /tmp folder on my Linux machine. The path for this file is specified in the href attribute of the link. Ideally, when we click this link the download manager should pop up so that the file can be downloaded on the client machine. When I access this website remotely from my Windows XP machine on Firefox it downloads the file properly, but when I run it on Internet Explorer (I have IE7 on my Windows XP) and click the link, the download manager doesn't pop up. Even when I right-click that link and select save as, an error message pops up saying "file path not found". Possibly IE is not able to determine the Linux file path. So how do I work around this? Is there some specific way of specifying the Linux file paths to be downloaded by IE?
I have configured a Squid proxy server with 2 eth in different network subnets, with site blocking and extension-based file download blocking. One, eth0, is for the office wired network and another, eth1, is for the office wireless network for laptop use by guests and visitors.
The problem is that [URL], an Indian government website, is not working through this proxy server, and Internet Explorer is getting very slow and freezing the computer. As an alternative I have configured another test server with Squid proxy without any security and tested the same. The problem is still there with all the computers in the network. The above website works perfectly with Gateway configuration in TCP/IP properties in Network Configuration on MS Windows XP computers, but through the Squid proxy it's not working.
We have a situation where we have to set up a server to send traps with information regarding CPU, memory usage, etc. I know snmpd can be set up to allow another process to request snmp information about the server, but can it be done the other way around (have a host send information about itself to another server through snmp)?
I know this is not a win-doze forum but I always ask my questions here, so here goes. I am having what appears to be a DNS problem on a friend's laptop. He is running Windows XP. I CAN connect to networks and even ping websites but I CANNOT browse in Internet Explorer or Firefox.
I have a problem sending emails using Outlook on my client machines, i.e. XP. I am getting the error "Relay access denied". I am using Fedora 9 as our server, with dovecot, postfix and fetchmail. It was working fine previously.
shed some light on what I am doing. I am wondering if I just have things back to front. Server (MESH): Fedora 13. Firewall ports open: tcp 22 (ssh), tcp 873 (rsync). sshd service started
I am trying to redirect connections to port 8980 to execute a telnet command to a local machine by issuing the following command on Server 1:
socat TCP-LISTEN:8980,fork EXEC:/myscript,reuseaddr
My script contains:
#!/bin/bash
telnet 192.168.20.12 # local Server 2
I am sending binary data from the client to Server 2 via Server 1. So it happens that I have some characters in hex translated to special characters in ASCII, like open brackets or commas etc., and that closed the socket between the two machines.
Can I make my messages directly appear at client from server? Normally we type tailf /var/log/messages to see messages sent by other machine. So can I send my messages directly at command prompt?
I am seeing log messages that I don't understand. If I run tail -f /var/log/messages, sometimes I will see this sort of repeating pattern. I don't know if I have cut at the start of the sequence or not. Incidentally, this is a normally well-behaved client/host.
[Code].....
Why is the client repeatedly sending the (1/4) message and then timing out?