Vulnerability Development mailing list archives
RE: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5
From: Yanek Korff <yanek () cigital com>
Date: Wed, 14 Nov 2001 12:34:46 -0500
-----Original Message----- From: Olaf Kirch [mailto:okir () caldera de] Sent: Wednesday, November 14, 2001 11:40 AM To: Yanek Korff Cc: 'ed.rolison () power alstom com'; vuln-dev () securityfocus com Subject: Re: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5 On Wed, Nov 14, 2001 at 11:27:48AM -0500, Yanek Korff wrote:Unfortunately, I don't think this is the case. If a tablewere being filledup, I'd expect the FW to stay up for some period of timebefore eventuallycrashing. Here are some relevant facts: 1. Linux FW crashes -immediately- before it has theopportunity to log a udppacket with tcpdump 2. Scans complete successfully against NT 4.0 and Solaris-x86There was a problem (kernel lockup) with certain types of UDP packets a few months ago (it could be though that happened only for locally generated packets). All vendors released fixes for these. Could be the scan checks for this vul. Check your vendor's security page for details.
Would not the OS itself crash without the FW kernel module loaded whena UDP scan was initiated? When the machine is running without the FW active, it stays up fine. I am running the latest updated kernel (source RPM) from RedHat in the 2.2.x kernel sequence. I've tried the -T Paranoid switch; the system crashes with the VERY FIRST UDP packet, regardless of which port it's sent to. I subsequently re-enabled icmp, as a "before last" implied rule... And I see this: Initiating UDP Scan against (64.80.176.11) 12:43:34.168842 nmap_source.58153 > fw_under_test.973: udp 0 12:43:34.274503 fw_under_test > nmap_source: icmp: 64.80.176.11 udp port 973 unreachable And that's the last packet I get from the machine. If I run nslookup on nmap_source, set my server to fw_under_test, and attempt to resolve something (even though fw_under_test is not running a nameserver), the fw_under_test does not crash. It merely replies with udp port unreachable and stays up. Ideas? -Yanek.
Current thread:
- kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5 Yanek Korff (Nov 14)
- Re: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5 Blue Boar (Nov 14)
- Fw: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5 Scott Walker Register (Nov 14)
- <Possible follow-ups>
- Re: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5 ed . rolison (Nov 14)
- RE: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5 Yanek Korff (Nov 14)
- Re: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5 Olaf Kirch (Nov 14)
- RE: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5 Yanek Korff (Nov 14)
- Re: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5 Blue Boar (Nov 14)
- RE: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5 Yanek Korff (Nov 14)
- RE: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5 Yanek Korff (Nov 19)
- RE: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5 Scott Walker Register (Nov 27)
- RE: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5 Ron DuFresne (Nov 27)
- RE: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5 Scott Walker Register (Nov 27)
- RE: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5 Scott Walker Register (Nov 27)