Bugtraq mailing list archives

New possible exploit for 2.0.33 (kfree_skb error)

From: xerox () GROOVY FOONET NET (Paul)
Date: Wed, 15 Apr 1998 12:53:47 -0500


I have received this message on multiple machines in the past 3 days..
This could be the sign of a new exploit. I have also managed to find a few
others on IRC that have had the same exact error message. If anyone knows
what exactly causes it and how to fix it please let us know.   The
"syndrop" program generates the kfree error but it does not crash the box
(at least the one that I have tested)
Here is the error:

Apr 14 23:51:36 web1 kernel: Warning: kfree_skb passed an skb still on a
list (from 0286a554).
Apr 14 23:51:36 web1 kernel: general protection: 0000
Apr 14 23:51:36 web1 kernel: CPU:    0
Apr 14 23:51:36 web1 kernel: EIP:    0010:[kfree_skb+146/244]
Apr 14 23:51:36 web1 kernel: EFLAGS: 00010206
Apr 14 23:51:36 web1 kernel: eax: 00000000   ebx: 40095c44   ecx: 0019d9ec
edx: 07abe414
Apr 14 23:51:36 web1 kernel: esi: 0286a554   edi: 00000000   ebp: 0286a528
esp: 00198cc4
Apr 14 23:51:36 web1 kernel: ds: 0018   es: 0018   fs: 002b   gs: 0018
ss: 0018
Apr 14 23:51:36 web1 kernel: Process swapper (pid: 0, process nr: 0,
stackpage=00196e60)
Apr 14 23:51:36 web1 kernel: Stack: ffffffec 077a8958 0286a554 00142278
0286a554 00000000 077a8958 00000000
Apr 14 23:51:36 web1 kernel:        077a8958 03bd8e18 00000040 00000040
0286a528 0286a554 00142661 077a8958
Apr 14 23:51:36 web1 kernel:        0000002e 0000cb0c 0000cb3c 001b0008
00000000 03bd8e18 0000002c 00000014

-----------------------------------------------------------------------------

Current thread:

Re: APC UPS PowerChute PLUS exploit..., (continued)
- Re: APC UPS PowerChute PLUS exploit... Richard Peters (Apr 13)
- GSM SIMs cloned ! Rop Gonggrijp (Apr 13)
- Re: APC UPS PowerChute PLUS exploit... Pascal Gienger (Apr 13)
- (follow-up) Wietse's RPCBIND Chiaki Ishikawa (Apr 13)
- Re: APC UPS PowerChute PLUS exploit... Chris Liljenstolpe - Network Engineer (Apr 12)
  - Re: APC UPS PowerChute PLUS exploit... Iain P.C. Moffat (Apr 13)
  - IRIX LicenseManager(1M) Vulnerabilities SGI Security Coordinator (Apr 13)
- Re: APC UPS PowerChute PLUS exploit... Rick Perry (Apr 13)
- Re: APC UPS PowerChute PLUS exploit... Pascal Gienger (Apr 14)
  - Re: APC UPS PowerChute PLUS exploit... Scott Stone (Apr 14)
  - New possible exploit for 2.0.33 (kfree_skb error) Paul (Apr 15)
    - Re: New possible exploit for 2.0.33 (kfree_skb error) Alan Cox (Apr 15)
    - Linux 2.0.33 vulnerability: fragment patterns Alan Cox (Apr 16)
    - Linux 2.0.33 vulnerability: oversized packets Michal Zalewski (Apr 17)
    - Linux 2.0.34pre10: Summary of fixed vulnerabilities Alan Cox (Apr 20)
    - Re: Linux 2.0.33 vulnerability: oversized packets Jon Lewis (Apr 20)
    - Re: Linux 2.0.33 vulnerability: oversized packets Krzysztof G. Baranowski (Apr 21)
    - code to crash cistron's radius Hamdi Tounsi (Apr 21)
    - nestea v2. The program that DoS's 2.0.33s The Tree of Life (Apr 18)
    - xdm problems Thomas Roessler (Apr 16)
    - Re: xdm problems Matthieu Herrb (Apr 20)

(Thread continues...)