Re: some new remote exploit?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 7 Apr 2003, Jure Pecar wrote:

> I just had a weird expirience ... In a server system, running a free webmail 
> service, i started getting weird oopsen.

	Both kernel versions are vulnerable to ptrace exploit (localy) 
(you said you-re running a free webmail, this mean cgi/php/whatever). 
Both kernels may not have been patched against NIC drivers problem which 
is possible remotely exploatable.

> Error (expand_objects): cannot stat(/lib/ext3.o) for ext3
> ksymoops: No such file or directory
> Error (expand_objects): cannot stat(/lib/jbd.o) for jbd
> ksymoops: No such file or directory
> Error (expand_objects): cannot stat(/lib/raid1.o) for raid1
> ksymoops: No such file or directory
[snip]

	What is this?

> but to press the reset button. Then, it started appearing again
> seconds after the box came up. After another reboot at around 15:46,
> it stopped. There are 517 oopsen recorded in the log from 15:12:31 to
> 15:39:34.
> 
> 
> Any ideas?

> attack. system_call is the common point in oopsen on both machines.
> Any ideas how to mess with this remotely?

	keywords: nic padding, maybe odirect.

-- 
Tarhon-Onu Victor
Network and System Engineer
RDS Iasi - Network Operations Center
Phone: +40-232-218385



_______________________________________________
Redhat-devel-list mailing list
Redhat-devel-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/redhat-devel-list

[Index of Archives]     [Kernel Newbies]     [Red Hat General]     [Fedora]     [Red Hat Install]     [Linux Kernel Development]     [Yosemite News]

  Powered by Linux