XXX4Fans
level1 from patreon
level1

patreon


Level1... Diagnostics?

Level1 Diagnostics -- this is a work in progress, but we will probably make it live tomorrow with more and adjusted broll.

Any information security folks out there? Let us know what you think.

So what we have here is a video about the utilities from AMD installation and configuration of NVME raid. It isn't about nvme raid -- but about the general weirdness of the drivers.

Install NVMe RAID and you get two apache web server processes installed and open to the network -- one running Xampp (yes, the very same Xampp that web developers use for local development) and one running some PHP scripts that execute the raid management software.

There appear to be serious software vulnerabilities in both the xampp installation and the PHP installation that runs the raid drivers, though we don't really get into the specifics of that.

The apache process is running with system level privileges, and no <Directory /> or openbasedir= restrictions as safeties in the config. 

This will be updated with more broll tomorrow, or recut if y'all find it weird, confusing, or not an interesting trip down the rabbit hole. 

Comments

Ah ok so they took the config out of xampp if I understand correctly... they should know how to configure that themselves :D

At least it's not what Corsair did with their Corsair Link utility. Up to I don't remember which version, they put their shit on port 8080. It wasn't actual "service" either, they just registered it with the internal web server (managed through `netsh` http context). You wouldn't even notice it until try to register ssh tunnel socks proxy to port 8080 out of a habit.

Max

xampp is just a set of configurations for apache, mysql, php and perl. Except in the amd driver case mysql and perl are deleted. so its apache + php + other stuff

Level1 Techs

?

Level1 Techs

So the apache part I get what it does, but I haven't really understood what exactly the XAMPP part does. The apache part is used for the frontend, ok fine. But what does the XAMPP part do? I mean XAMPP is also database (and PHP, which is used). Did they just take the tools and config from XAMPP or what. Didn't quite get the relation between both apache and XAMPP being there...

So this was that AMD bug you were talking about X amount of streams ago. Interesting it is, show more as they say.

This new segment ?, show is great i like the specific subject approach. Is a format like this useable for other things like: gpu, cpu, lan problems?

Not had a chance to watch it as of yet, but the subject seems very interesting even with any weirdness included.

man a web server to run your raid array....its iffy

Marten

First


Related Creators