Subject: Re: kern/29124: Invalid TCP connection (from hacker/spam site) causes diagnostic panic
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: List Mail User <track@Plectere.com>
List: netbsd-bugs
Date: 01/26/2005 15:04:02
The following reply was made to PR kern/29124; it has been noted by GNATS.
From: List Mail User <track@Plectere.com>
To: gnats-bugs@NetBSD.org
Cc: gnats-admin@NetBSD.org, kern-bug-people@NetBSD.org,
track@Plectere.com
Subject: Re: kern/29124: Invalid TCP connection (from hacker/spam site) causes diagnostic panic
Date: Wed, 26 Jan 2005 07:03:00 -0800 (PST)
>From bounces-netbsd-bugs-owner-track=Plectere.com@NetBSD.org Wed Jan 26 06:26:32 2005
>X-Original-To: netbsd-bugs@netbsd.org
>Delivered-To: netbsd-bugs@netbsd.org
>From: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
>To: kern-bug-people@NetBSD.org, gnats-admin@NetBSD.org, netbsd-bugs@NetBSD.org
>Reply-To: gnats-bugs@NetBSD.org
>Subject: Re: kern/29124: Invalid TCP connection (from hacker/spam site) causes diagnostic panic
>Date: Wed, 26 Jan 2005 14:26:01 +0000 (UTC)
>Sender: netbsd-bugs-owner@NetBSD.org
>Precedence: list
>
>The following reply was made to PR kern/29124; it has been noted by GNATS.
>
>From: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
>To: gnats-bugs@netbsd.org, paul@Plectere.com,
> Andreas Wrede <andreas@planix.com>
>Cc: pcah8322@artax.karlin.mff.cuni.cz
>Subject: Re: kern/29124: Invalid TCP connection (from hacker/spam site) causes diagnostic panic
>Date: Wed, 26 Jan 2005 15:34:36 +0100
>
> On Tue, 25 Jan 2005 23:13:00 +0000, paul wrote:
>
> >>Description:
> > The TCP connection tear-down from a rogue hacker/spammer site will
> > cause repeatable diagnostic panics at line 281 in file kern_timeout (i.e.
> > "to_ticks >= 0"). I have not (yet) successfully captured a copy of the
> > code transferred or captured a trace of the TCP transaction (it always panics).
>
> See "OpenBSD remote DoS vulnerability":
> http://www.bsdfreak.org/modules/news/article.php?storyid=72 . Could it be
> related? Unfortunately the story doesn't give much detail, but there are
> some patches.
>
> Bye Pavel
>
>
Looks like it might be related, but the article specifically mentions
that it is a local exploit even though the title is "Remote DoS vulnerability".
The problem being discussed so far is definitely a remote exploit. Also, the
problem in the article seems to occur during a TCP session; I only see the
problem at the end of a connection (i.e. at teardown time).
Still, it looks very similar in nature (and the report is from just last
week, the fix is from about two weeks ago).
Paul Shupak