Vuln-Dev Archives: Re: leaky kernel ? ;)

Subject: Re: leaky kernel ? ;)
From: Andrei D. Caraman (adcKILI.MEDIASAT.RO)
Date: Thu Dec 30 1999 - 04:09:15 CST


On Wed, Dec 29, 1999 at 10:28:02PM +0100, mIV wrote:
> OK, there's RH 6.1 on 2.2.13. Let's take a look at /var/log/messages:
>
> Dec 2 13:28:48 pentium kernel: age....
> Dec 2 13:28:55 pentium kernel: 65 lated me
> Dec 2 13:28:58 pentium kernel: 6C original
> Dec 2 13:28:58 pentium kernel: ine as
> Dec 2 13:29:07 pentium kernel: age....
> Dec 2 13:29:14 pentium kernel: ge....-
> Dec 11 14:21:46 pentium kernel: 20 ...This
> Dec 11 14:22:49 pentium kernel: 3em te=B
> Dec 11 14:22:53 pentium kernel: 4B , ze ACK
>
> and so on ... Do you know where these strings are from? I'll tell ya.
> It's all from my mail fetched by fetchmail (via PPP). OK, these were
> strings, but we also have something like this:
>
> Dec 13 22:24:38 pentium kernel: 40 21 4C BB F4 6F 5F DD !L..o_.
> Dec 13 22:24:39 pentium kernel: C4 41 74 3F BD 54 47 B9 .At?.TG.
>
> These in turn look like some kind of binary dump. Apparently not only mail
> fragments land in my logs. It seems that the entire net traffic is affected.

You have options "debug" and "kdebug 7" activated for your pppd.
Turn off debug, or at least decrease kdebug to 1, which should be enough
for debugging connection initialization.

> There's no need for sniffer in this case ;)
>
> That's not good when some net packets are dumped to system logs, is it ?
> Is it a bug ? If so, is it known to kernel developers ?

It's not a bug, it's a feature.

Cheers,
---------------------------------------------------------------
Andrei D. Caraman phone: +40 (1) 2050 637
Sr Network Engineer fax: +40 (1) 2050 655
Mediasat SA
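
An added example, not part of the original message: a small audit of pppd options text for the two settings named in the reply. It relies on the pppd(8) man page's description of the Linux 2.2.x driver, where the kdebug value is a sum of bits (1 general messages, 2 received packet contents, 4 transmitted packet contents), so `kdebug 7` sends packet bytes to the kernel log and `kdebug 1` does not. The function names and the sample options text are constructed for illustration.

```python
# Bit meanings of the kdebug value for the Linux 2.2.x PPP driver, per pppd(8).
KDEBUG_BITS = {
    1: "general kernel driver debug messages",
    2: "contents of received packets",
    4: "contents of transmitted packets",
}
PAYLOAD_BITS = 2 | 4  # these bits copy packet bytes into the kernel log


def audit_pppd_options(text):
    """Scan pppd options text; return (line, option, value, payload_logged) tuples."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        tokens = line.split("#", 1)[0].split()  # '#' starts a comment
        # Simplification: any bare "debug" token is treated as the option itself.
        for i, tok in enumerate(tokens):
            if tok == "debug":
                # pppd's own debug option logs control packets, not user payload
                findings.append((lineno, "debug", None, False))
            elif tok == "kdebug" and i + 1 < len(tokens):
                try:
                    value = int(tokens[i + 1], 0)
                except ValueError:
                    continue  # not a number; leave for manual review
                findings.append((lineno, "kdebug", value, bool(value & PAYLOAD_BITS)))
    return findings


def describe(value):
    """Names of the kdebug bits set in value."""
    return [name for bit, name in KDEBUG_BITS.items() if value & bit]


# Constructed sample options text matching the setup diagnosed in the reply.
SAMPLE = """\
# /etc/ppp/options (constructed)
lock
defaultroute
debug
kdebug 7
"""

if __name__ == "__main__":
    for lineno, opt, value, leaks in audit_pppd_options(SAMPLE):
        detail = ", ".join(describe(value)) if value is not None else "control packets"
        flag = "PAYLOAD IN LOGS" if leaks else "ok"
        print(f"line {lineno}: {opt} {'' if value is None else value} [{flag}] {detail}")
```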


