Bugtraq mailing list archives

Re: New possible exploit for 2.0.33 (kfree_skb error)

From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Wed, 15 Apr 1998 23:44:03 +0100

This could be the sign of a new exploit. I have also managed to find a few
others on IRC that have had the same exact error message. If anyone knows
what exactly causes it and how to fix it please let us know.   The
"syndrop" program generates the kfree error but it does not crash the box
(at least the one that I have tested)


I've been given 2 copies of a syndrop program, and right now I can make
neither break my boxes. Which is proving in this case troublesome to fixing
things. If its directly syndrop related then firewalling packets from
your source address incoming via external interfaces should block it.
Remember also to cover 127.*

0286a554 00000000 077a8958 00000000
Apr 14 23:51:36 web1 kernel:        077a8958 03bd8e18 00000040 00000040
0286a528 0286a554 00142661 077a8958
Apr 14 23:51:36 web1 kernel:        0000002e 0000cb0c 0000cb3c 001b0008
00000000 03bd8e18 0000002c 00000014


Below this there should be a function trace, although your stack trace
looks a bit weird in itself. The call trace is important.

Im looking into these but the more info I get the better

Alan

Current thread:

GSM SIMs cloned !, (continued)
- GSM SIMs cloned ! Rop Gonggrijp (Apr 13)
- Re: APC UPS PowerChute PLUS exploit... Pascal Gienger (Apr 13)
- (follow-up) Wietse's RPCBIND Chiaki Ishikawa (Apr 13)
- Re: APC UPS PowerChute PLUS exploit... Chris Liljenstolpe - Network Engineer (Apr 12)
  - Re: APC UPS PowerChute PLUS exploit... Iain P.C. Moffat (Apr 13)
  - IRIX LicenseManager(1M) Vulnerabilities SGI Security Coordinator (Apr 13)
- Re: APC UPS PowerChute PLUS exploit... Rick Perry (Apr 13)
- Re: APC UPS PowerChute PLUS exploit... Pascal Gienger (Apr 14)
  - Re: APC UPS PowerChute PLUS exploit... Scott Stone (Apr 14)
  - New possible exploit for 2.0.33 (kfree_skb error) Paul (Apr 15)
    - Re: New possible exploit for 2.0.33 (kfree_skb error) Alan Cox (Apr 15)
    - Linux 2.0.33 vulnerability: fragment patterns Alan Cox (Apr 16)
    - Linux 2.0.33 vulnerability: oversized packets Michal Zalewski (Apr 17)
    - Linux 2.0.34pre10: Summary of fixed vulnerabilities Alan Cox (Apr 20)
    - Re: Linux 2.0.33 vulnerability: oversized packets Jon Lewis (Apr 20)
    - Re: Linux 2.0.33 vulnerability: oversized packets Krzysztof G. Baranowski (Apr 21)
    - code to crash cistron's radius Hamdi Tounsi (Apr 21)
    - nestea v2. The program that DoS's 2.0.33s The Tree of Life (Apr 18)
    - xdm problems Thomas Roessler (Apr 16)
    - Re: xdm problems Matthieu Herrb (Apr 20)
    - SECURITY: procps 1.2.7 fixes security hole Aleph One (Apr 20)

(Thread continues...)