Bugtraq mailing list archives

syndrop / modified version

From: ted () sy net (Ted Hickman [Network Admin])
Date: Wed, 15 Apr 1998 16:36:51 -0400


Dear Sir or Madam,

                Forgive me for this is my first post.  However at
about 12:00 am this morning my machine crashed.

Machine info:
dual 233 mhz smp
256 megs of ram
2.0.33 + solar designer's patch

I was curious as it had an 80 day uptime as to why it crashed.  I found
this in the syslog:

Apr 15 00:44:02 shell kernel: Warning: kfree_skb passed an skb still on
a list (from 03608164).
Apr 15 00:44:02 shell kernel: general protection: 0000
Apr 15 00:44:02 shell kernel: CPU:    0
Apr 15 00:44:02 shell kernel: EIP:    0010:[kfree_skb+146/248]
Apr 15 00:44:02 shell kernel: EFLAGS: 00010206
Apr 15 00:44:02 shell kernel: eax: 00000000   ebx: 40095c44   ecx:
00000030   edx: 00000001
Apr 15 00:44:02 shell kernel: esi: 03608164   edi: 00000000   ebp:
03608138   esp: 001d8738
Apr 15 00:44:02 shell kernel: ds: 0018   es: 0018   fs: 002b   gs:
0018   ss: 0018

I thought that perhaps this was a DOS so I consulted #linux and found
that 5 to 10 other people were experiencing similiar attacks.
With the recent release of syndrop I figured it might be this DOS.
I tried syndrop on myself only to find out that it gave the same error
msg however no crash:

Apr 15 08:48:22 shell-2 kernel: Warning: kfree_skb passed an skb still
on a list (from 0059ff1c).
Apr 15 08:48:23 shell-2 kernel: Warning: kfree_skb passed an skb still
on a list (from 01000058).
Apr 15 08:48:23 shell-2 kernel: Warning: kfree_skb passed an skb still
on a list (from 0059fc28).
Apr 15 08:48:23 shell-2 kernel: Warning: kfree_skb passed an skb still
on a list (from 0059fe20).
Apr 15 08:48:23 shell-2 kernel: Warning: kfree_skb passed an skb still
on a list (from 0059ff1c).

So I figure that this is a modified version of syndrop.  If this has
been reported could you direct me to the patch as my machine has crashed
with the same symptoms about 3 times today.

--

Theodore D. Hickman Jr.
Director of Network Administration
1 (800) 957 0047
ted () sy net

Syberspace Corporation
http://www.sy.net
883 Cooper Landing
Rd #244
Cherry Hill, NJ 08002

Current thread:

Linux 2.0.33 vulnerability: fragment patterns, (continued)
- - - Linux 2.0.33 vulnerability: fragment patterns Alan Cox (Apr 16)
    - Linux 2.0.33 vulnerability: oversized packets Michal Zalewski (Apr 17)
    - Linux 2.0.34pre10: Summary of fixed vulnerabilities Alan Cox (Apr 20)
    - Re: Linux 2.0.33 vulnerability: oversized packets Jon Lewis (Apr 20)
    - Re: Linux 2.0.33 vulnerability: oversized packets Krzysztof G. Baranowski (Apr 21)
    - code to crash cistron's radius Hamdi Tounsi (Apr 21)
    - nestea v2. The program that DoS's 2.0.33s The Tree of Life (Apr 18)
    - xdm problems Thomas Roessler (Apr 16)
    - Re: xdm problems Matthieu Herrb (Apr 20)
    - SECURITY: procps 1.2.7 fixes security hole Aleph One (Apr 20)
  - syndrop / modified version Ted Hickman [Network Admin] (Apr 15)
- Re: APC UPS PowerChute PLUS exploit... Carl Dunham (Apr 21)