Bugtraq mailing list archives

DUMP of NT system crash

From: vytasvy () OSF LT (Vytautas Vysniauskas)
Date: Mon, 7 Apr 1997 14:31:57 +0300


                   TCP/IP session dump
                   --------------------
                of Windows NT 4.0 system crash
                --------------------------------

This message is a continuation of my previous letter on the topic
about Windows NT system crash while responding to disk share requests
for UNIX (Linux) clients.

Today (April 7, 1997) I have reproduced system crash on another NT system.
It was Packard Bell computer :
P5/100, 24Mb RAM, ATAPI 1.2 dual channel PCI IDE controller,
 3c509 (ISA) ethernet card.
I was able to produce system dump, which  already was sent to
Microsoft Windows NT Test group.

This computer has the same packs/hotfixes installed:
Windows NT version 4.0, build 1381, Service Pack 2
Q135707Q141239NTOSKRNLFIX
Q163213 TCPIP DRIVER UPDATE
Q163333SERIALFIX
RPC SERVER CPU USAGE FIX


In addition, very handfull information is TCP/IP session dump between
a client and server. I have compared two sessions:

1) correct session between properly configured Linux client (client A)
   and  NT host (host H)

2) "wrong" session between incompatible Linux client (client B)
   and the same NT host (host H). In this case host H crashes immediatelly.

There is also NT server (host S) which is WINS server for NT workstation H.

client A:
Linux 2.0.29. smbmount utility is compiled for this
kernel version, so it is "correct" client which can mount remotely
host H disk and to see contents of the mount point.

client B:
Linux 2.0.25. This client has compatibility problem,
because smbmount utility requires kernel version 2.0.29. This session
produces NT system crash.

host H:
NT 4.0 workstation

host S:
NT 4.0 server

session between Linux client and NT workstations is:

./smbmount //H/service /mnt -U client_name
(password: some_password)
ls /mnt                 (at this point "wrong" session breaks NT system)
./smbumount /mnt


TCP/IP session listing is available at:
ftp://puni.osf.lt/windows/tcpipdump.gz (~5k)
(md5summ is a75a618b7e390e3945ad8a26f9753725)

Hope, it will help to detect what's wrong with NT system.


========================================================
Vytautas Vysniauskas       e-mail: vytasvy () osf lt
                              tel: +370-2-611408
UNIX systems administrator
Open Society Fund of Lithuania,
========================================================

Current thread:

Password problem in Trumpet Winsock. null (Apr 06)
- Linux - buffer overflow in filter Mikhail Iakovlev (Apr 06)
- Re: Password problem in Trumpet Winsock. John Sheehy (Apr 06)
- Re: Password problem in Trumpet Winsock. Michael Douglass (Apr 07)
- Netware + Win95 issue Lauri Laupmaa (Apr 07)
  - Re: Netware + Win95 issue Paul Melson (Apr 08)
- Another one javascript exploit attempt? Andrew V. Kovalev (Apr 07)
- DUMP of NT system crash Vytautas Vysniauskas (Apr 07)
- Re: Password problem in Trumpet Winsock. Paul Melson (Apr 07)
- BoS: /etc/default/login LOCKOUT= creates arbitrary files (fwd) Illuminati Primus (Apr 07)
  - Re: BoS: /etc/default/login LOCKOUT= creates arbitrary files (f Eugene Bradley (Apr 08)
- FreeBSD Security Advisory: FreeBSD-SA-97:03.sysinstall Aleph One (Apr 07)
- CERT Advisory CA-97.09 - Vulnerability in IMAP and POP Aleph One (Apr 07)
- [linux-security] amd 920824upl102 ignores the nodev option Aleph One (Apr 08)