This is on a Linux 2.2.14 system.
/usr/src/linux/fs/buffer.c: panic("Free list empty");
Sean Trifero <[EMAIL PROTECTED]>
Dima Ruban wrote:
> Mike Tancsa writes:
> >
> > Can anyone confirm the bugtraq posting ? Are the freebsd folks working on
> > a fix ? If so, what versions are effected ?
In message <[EMAIL PROTECTED]> Mike Tancsa writes:
: That was only a snippet. The poster claims to have contacted the freebsd
: team and that they were working on it... I just wanted to know if this were
: the case.
We have the code and it isn't FreeBSD specific.
Warner
To Unsubscribe: send ma
At 02:09 PM 1/20/2000 , jamiE rishaw - master e*tard wrote:
>I have a copy of this, which I am not giving out. I will probably
>fire one off to jkh for sanity,
I've been a good boy, so I hope that, er, Sanity doesn't come down the
chimney of any of the systems I administer before there's a pat
In message <4.2.2.2120172607.0198f1e0@localhost> Brett Glass writes:
: The name "stream.c" makes it sound like a local, not remote, DoS. Does
: it have to be done from inside the system to be effective? I would think
: that, if it came from the outside, it'd be harder to saturate the
: victim.
Hmmm. I haven't started at the stack to see if this is feasible,
but can't the code that implements IPFW's "established" keyword
be used to discard the ACK if it isn't associated with an
active session?
--Brett
At 05:34 PM 1/20/2000 , Warner Losh wrote:
>It is a remote exploit.
>
>Warner
That means that the code path that validates the ACK in the kernel
must be long. Long enough so that you can hose the CPU over, say,
a T1. How does one short-circuit this?
--Brett
At 05:34 PM 1/20/2000 , Warner Losh wrote:
>It is a remote exploit.
>
>Warner
To Unsubscribe: send mail to [E
What versions of FreeBSD are known to be vulnerable to it ?
There appears to be some confusion about whether or not it is a wide
spread problem.
Darren
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message
Brett Glass writes:
> At 02:09 PM 1/20/2000 , jamiE rishaw - master e*tard wrote:
>
> >I have a copy of this, which I am not giving out. I will probably
> >fire one off to jkh for sanity,
Terriffic!
> >The problem is, the kernel already (from my understanding) drops bad ACKs
> >pretty quickly
Darren:
Glad to see you are in on this discussion.
The code you use for the "keep state" option in IPFilters might be
able to recognize that the ACK does not belong to an existing
connection. Could a fast check be implemented as a rule under
IPFilters? (If it could, it's probably a one-liner, b
Oops I've answered my own question. IPFW's "established" keyword
only checks the RST or ACK bits; it can't tell if a session is
REALLY established or not. Only a firewall that can save state
(such as IPFilters), or the kernel itself, can do this.
It'd be neat if we could use IPFilters to do a
In message <[EMAIL PROTECTED]> Darren Reed writes:
: What versions of FreeBSD are known to be vulnerable to it ?
:
: There appears to be some confusion about whether or not it is a wide
: spread problem.
All versions of {Free,Open,Net}BSD, Solaris, Linux, etc are vulnerable
to some degree to thi
In some mail from Brett Glass, sie said:
>
> Darren:
>
> Glad to see you are in on this discussion.
>
> The code you use for the "keep state" option in IPFilters might be
> able to recognize that the ACK does not belong to an existing
> connection. Could a fast check be implemented as a rule un
At 06:03 PM 1/20/2000 , Darren Reed wrote:
>If you're using "flags S keep state" or "flags S/SA keep state",
>then as far as I'm aware, having read the code, you are safe.
This might be a workaround. What rule(s) would have to follow it
to block the ACK?
>I'm intrigued to know what the bug is.
In some mail from Brett Glass, sie said:
>
> At 06:03 PM 1/20/2000 , Darren Reed wrote:
>
> >If you're using "flags S keep state" or "flags S/SA keep state",
> >then as far as I'm aware, having read the code, you are safe.
>
> This might be a workaround. What rule(s) would have to follow it
> t
On Thu, 20 Jan 2000, Kai Voigt wrote:
>And to get all this done automatically at boot time, add this
>to your /etc/rc.conf
>
>network_interfaces="de0 lo0" # List of network interfaces (lo0 is loopback).
>ifconfig_de0="inet 195.244.241.123 netmask 255.255.255.0"
>ifconfig_de0_alias0="inet 195.24
15 matches
Mail list logo
