Bugtraq mailing list archives
ALERT: Solaris 2.5.1 locks up on TCP connections in Pine 3.9x
From: tv () iag net (Todd Vierling)
Date: Mon, 18 Nov 1996 16:06:35 -0500
This is being sent to a couple newsgroups and mailing lists; if these mailing lists don't show the proper Reply-To: header, please direct replies to <tv () iag net> and avoid posting to all lists.

To the persons at Sun Microsystems who will be receiving this via blind carbon copy: TAKE NOTE. This is going directly to CERT and CIAC if I can't get a resolution.

I've worked with UNIX-based systems including SunOS and Solaris long enough to know what's a problem with the kernel. I have stumbled upon a problem that I can reproduce on all our systems every time, and apparently can be reproduced by other readers of USENET as will be documented below.

Simply put, if configured properly, the Pine mail reader, versions 3.94 and 3.95, can *freeze* the Solaris 2.5 and 2.5.1 kernel completely. No core dump or the like--an outright freeze. No TCP/IP pings work--network is frozen. Even the keyboard sometimes freezes and pressing the xxx-Lock keys doesn't light the respective indicator light.

This may at first sound like a problem Sun can shun because they "do not support Pine," but think about this: In a protected-memory environment such as Solaris, NO USER PROGRAM SHOULD EVER FREEZE THE COMPUTER. That's what protected memory is for. Pine is not run with any special privileges, only as a regular user--and a regular user does not have the ability to cause the computer to halt. Hence, Pine has triggered a bug in the Solaris kernel--a product of Sun's.

I daresay this could exist in releases of Solaris/x86 as early as 2.3, and nothing has been done about it. And if Pine can do it, that means other programs have the same potential.

More than anything else right now, I'm looking to see that this problem can be reproduced on other systems. You can most certainly try to reproduce this yourself!

You'll need the following to do the experiment:

- the binary of Pine 3.95 and the respective .pinerc file from my FTP site at ftp://ftp.iag.net/pub/tv/ -- files "pine.Z" (decompress this) and "pinerc" (name this .pinerc in your home directory). Uh, you can trust the binary--up to the point of system freeze, that is. :/

OR:

- GCC version 2.7.2 or 2.7.2.1, NOT the ProCompiler (as I do not know if a ProCompiler compiled version will recreate this).

- Pine 3.95 sources from ftp://ftp.cac.washington.edu/pine/pine3.95.tar.gz. You'll need to twiddle some things for "./build sol" to work: make sure that /usr/ccs/bin/ucbcc AND /usr/ccs/bin/cc point to gcc; /usr/ccs/bin is in your path; /usr/ucb is not before /usr/bin or /usr/ccs/bin in your path; and "." is the last entry in your path.

- A .pinerc with inbox-path= set to an IMAP server. You can do this by running Pine, going to (S)etup (C)onfig, and setting the value to a server with IMAP (I use {imap.afn.org}INBOX where I have one of my e-mail accounts). Or use the one from my FTP site above.

All you should need to do now is run Pine. If you get a login prompt, ^C, (Q)uit, and run it again a few times. Betcha it'll lock the system. It does for us, consistently.

I'd love to hear of other reports of this happening. It's quite frustrating to find that a product that has such intense corporate backing has none at all when any outside product is in use (even when the outside product is only triggering a bug in the supported product). My report of this problem was sent in as an "enhancement request," because an outside program was what triggered the error and there was not 100% Sun Supported(tm) software in the setup.

Sun Microsystems, you can do better than this. I hope your kernel group finally breaks down to find out what's going on.

=====
== Todd Vierling (Personal tv () pobox com; Business tv () iag net) Cast a vote! ==
== System administrator/technician, Internet Access Group, Orlando Florida ==
== Dialups in Orange, Volusia, Lake, Osceola counties - http://www.iag.net ==