rejetto forum

HFS Vulnerabilities?

Slyke · 6 · 1952
« previous next »
Pages: 1

0 Members and 1 Guest are viewing this topic.

Offline Slyke

  • Occasional poster
  • *
    • Posts: 6
    • View Profile
on: July 23, 2007, 02:23:32 PM
Hello everyone!

For a university assignment i'm to discuss the vulnerabilities of any server program or OS.

I'm then to also talk about the solution, and the cost of implementing the solution to fix the vulnerability(s).

Since HFS is free and hasn't really been hacked before and the fact that no one in the campus has done an assignment on HFS in previous years, i thought it was a good idea to do my assignment on HFS (It would also promote it supose for who ever reads my assignment in the future).

Alls i need to know is any vulnerability on any version of HFS and a way to fix it (if any). You don't need to do the assignment for me, just so i can start researching on the things that you've told me.

The better the vulnerability the better the mark i get (for example, a DoS attack, or something requiring physical access to the machine won't get very high marks).

I've already scouted the forum, but it can't find anything, so i thought i'd ask directly.

Any way, i thank you for your input!
« Last Edit: July 23, 2007, 02:42:47 PM by Slyke »

Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13510
    • View Profile
Reply #1 on: July 23, 2007, 03:05:46 PM
there have been a couple of security problems in HFS history.
but mild risk, like seeing hidden files in the VFS.
no buffer overlflow, no control of remote machine, etc.
anyway, to find these problems you should read the long list of bugs fixed in the "what's new", on the website. it takes several minutes.

ebola

  • Guest
Reply #2 on: July 23, 2007, 03:12:13 PM
Hi

Try to contact Azag.
He is running a website on HFS with - let's say - very high potential to get hacked.
But afaik in the last years he hadn't any problems with that but maybee he stumbeld across something and tells you.

Using HFS as a pure fileserver (as it is designed for) didn't gave me headache's in the past.

ebola

Offline Slyke

  • Occasional poster
  • *
    • Posts: 6
    • View Profile
Reply #3 on: July 23, 2007, 03:27:35 PM
kk, thanks and will do!

Offline ledufe

  • Tireless poster
  • ****
    • Posts: 272
  • LEandro DUpont FErreira
    • View Profile
    • http://ledufe.no-ip.info:2222
Reply #4 on: July 23, 2007, 07:19:29 PM
i dont know if this would help your study, but since you asked for some flaw in ANY server and it fix, well, the VNC from realvnc is a server and a client right? and in the version 4.1.1 there was a huge secure flaw that would let anybody get in withou password, and there is even a tool that seach for vnc server running this version to explore this secure flaw(search in google) and now it is fixed with the version 4.1.2
i hope that it helps in some way
<<LeDuFe>>

Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13510
    • View Profile
Reply #5 on: August 02, 2007, 11:32:14 AM
and let me know if you ever do any work on HFS

Pages: 1