[907] in bugtraq
Re: Solaris 2.3 ndd bug
daemon@ATHENA.MIT.EDU (Darren Reed)
Mon Feb 6 04:51:38 1995
From: Darren Reed <avalon@coombs.anu.edu.au>
To: shaver@ingenia.com (Mike Shaver)
Date: Mon, 6 Feb 1995 19:15:50 +1100 (EDT)
Cc: bugtraq@fc.net
In-Reply-To: <199502060716.CAA00256@ingenia.com> from "Mike Shaver" at Feb 6, 95 02:16:14 am
>
> I discovered a, er, shortcoming of /usr/sbin/ndd under Solaris 2.3 this
> evening....
>
> I was poking around, trying to learn more about the system I live in/with,
> that sort of thing, when I tried:
> /usr/sbin/ndd /dev/udp udp_status
>
> Boom! Instant kernel panic.
>
> I'm logged in from remote, so I didn't get to see all the nice messages, but
> this is the line in /var/adm/messages which seems relevant:
>
> Feb 6 01:52:21 iron unix: panic: recursive mutex_enter. mutex fc0acb50 caller fc02dabc
>
> I, um, reproduced it on another Solaris 2.3 system, so it seems like a real
> bug.
>
> And as I see it, this is a reasonably large one.
> Not only does it show a less-than-complete run of testing of Sun's udp code
> (I daren't try it with other devices until I have a test machine), but it
> could theoretically present an interesting denial of service attack.
>
> Anyone care to try it on 2.[24] or anything else w/ ndd?

ummmm, yeah, found that last year...fixed in 2.4

I had a problem with bsmconv being enabled (2.4), but I haven't tried the
latest kernel yet (101945-13). problem = kernel panic:

Jan 9 19:38:46 solaris2 unix: panic: AUDIT_SETF: path already allocated to file audit data