Subject: Re: kern/29124: Invalid TCP connection (from hacker/spam site) causes diagnostic panic
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: List Mail User <track@Plectere.com>
List: netbsd-bugs
Date: 01/26/2005 15:04:02
The following reply was made to PR kern/29124; it has been noted by GNATS.

From: List Mail User <track@Plectere.com>
To: gnats-bugs@NetBSD.org
Cc: gnats-admin@NetBSD.org, kern-bug-people@NetBSD.org,
	track@Plectere.com
Subject: Re: kern/29124: Invalid TCP connection (from hacker/spam site) causes diagnostic panic
Date: Wed, 26 Jan 2005 07:03:00 -0800 (PST)

 >From bounces-netbsd-bugs-owner-track=Plectere.com@NetBSD.org Wed Jan 26 06:26:32 2005
 >X-Original-To: netbsd-bugs@netbsd.org
 >Delivered-To: netbsd-bugs@netbsd.org
 >From: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
 >To: kern-bug-people@NetBSD.org, gnats-admin@NetBSD.org, netbsd-bugs@NetBSD.org
 >Reply-To: gnats-bugs@NetBSD.org
 >Subject: Re: kern/29124: Invalid TCP connection (from hacker/spam site) causes diagnostic panic
 >Date: Wed, 26 Jan 2005 14:26:01 +0000 (UTC)
 >Sender: netbsd-bugs-owner@NetBSD.org
 >Precedence: list
 >
 >The following reply was made to PR kern/29124; it has been noted by GNATS.
 >
 >From: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
 >To: gnats-bugs@netbsd.org, paul@Plectere.com,
 >	Andreas Wrede <andreas@planix.com>
 >Cc: pcah8322@artax.karlin.mff.cuni.cz
 >Subject: Re: kern/29124: Invalid TCP connection (from hacker/spam site) causes diagnostic panic
 >Date: Wed, 26 Jan 2005 15:34:36 +0100
 >
 > On Tue, 25 Jan 2005 23:13:00 +0000, paul wrote:
 > 
 > >>Description:
 > > 	The TCP connection tear-down from a rogue hacker/spammer site will
 > > cause repeatable diagnostic panics at line 281 in file kern_timeout (i.e.
 > > "to_ticks >= 0").  I have not (yet) successfully captured a copy of the
 > > code transferred or captured a trace of the TCP transaction (it always panics).
 > 
 > See "OpenBSD remote DoS vulnerability":
 > http://www.bsdfreak.org/modules/news/article.php?storyid=72 . Could it be
 > related? Unfortunately the story doesn't give much detail, but there are
 > some patches.
 > 
 > Bye	Pavel
 > 
 >
 
 	Looks like it might be related, but the article specifically mentions
 that it is a local exploit even though the title is "Remote DoS vulnerability";
 the problem being discussed so far is definitely a remote exploit.  Also, the
 problem in the article seems to occur during a TCP session; I only see the
 problem at the end of a connection (i.e. at teardown time).
 
 	Still, it looks very similar in nature (and the report is from just last
 week, the fix is from about two weeks ago).
 
 	Paul Shupak