OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: 3 Solaris reboot in 3 days
From: J. Oquendo (intrusionENGINEER.COM)
Date: Sat Jul 29 2000 - 20:09:41 CDT

Actually something similar may have carried over on to Sol 2.7 and 8 as well which I meant to bring up before but never got around to untarring my logs.

After installing ipf under Sol (both versions) and nmap'ing my machine I got kernel panics over and over again in which the machine went down for rebooting on its own. Both in 32 and 64 bit modes.

Next time I turn on my machine at home I'll trace back the problem and post it.

------Original Message------
From: mixter2XS.CO.IL
To: INCIDENTSSECURITYFOCUS.COM
Sent: July 28, 2000 8:33:28 PM GMT
Subject: Re: 3 Solaris reboot in 3 days

There is a definitive remote DoS out for solaris 2.6 without this
patch and any lower solaris box. affected systems crash when a
nmap OS fingerprinting is done against a port of a service run
by inetd (if the port closes after/while being scanned).. an exploit that
can reproduce/test this is available at http://mixter.void.ru/soltera.c

On Fri, 28 Jul 2000, Xavier Mertens wrote:

> Hi *,
>
> Strange... We had 3 Solaris (2.6) box reboot in 3 days. All servers had
> the same problem:
>
> Jul 28 13:47:41 orion savecore: reboot after panic: recursive mutex_enter, lp=6147dcec owner=613cade0 thread=613cade0 type=0 tsid=0
>
> There exist a patch against this problem (105529-09) but 3 reboots in 3 days
> look strange! :(
>
> Heard anything about a new exploit?
>
> Regards,
> X
>
> --
> Xavier Mertens, . . EuroNet Internet "Contrary to popular belief,
> NOC Manager . * a subsidiary of Unix is userfriendly. It
> XM3-RIPE XM1-6BONE . France Telecom just happens to be selective
> about who it makes friends
> with."
>

______________________________________________
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup