RH Kernel Vulnurability
George Toft
plug-discuss@lists.plug.phoenix.az.us
Tue, 19 Nov 2002 00:02:55 -0500
Eldric wrote:
>
> Security Advisory - RHSA-2002:262-07
> ------------------------------------------------------------------------------
> Summary:
> New kernel fixes local denial of service issue
> The kernel in Red Hat Linux 7.1, 7.1K, 7.2, 7.3, and 8.0 are vulnerable to
> a local denial of service attack. Updated packages are available which
> address this vulnerability, as well as bugs in several drivers.
> Description:
> The Linux kernel handles the basic functions of the operating system.
> A vulnerability in the Linux kernel has been discovered in which a non-root
> user can cause the machine to freeze. This kernel addresses the
> vulnerability.
> Note: This bug is specific to the x86 architecture kernels only, and does
> not affect ia64 or other architectures.
> In addition, a bug in the maestro3 soundcard driver has been fixed as well
> as a bug in the xircom pcmcia driver network driver and the tg3 network
> driver for Broadcom gigabit ethernet chips.
> All users of Red Hat Linux 7.1, 7.1K, 7.2, 7.3, and 8.0 should upgrade to
> these errata packages, which are not vulnerable to this issue.
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
I just updated my kernel, now my logs are filled with this:
Nov 18 20:09:51 router kernel: eth1: Too much work at interrupt,
IntrStatus=0x0040.
Nov 18 20:27:02 router kernel: eth1: Too much work at interrupt,
IntrStatus=0x0040.
Nov 18 20:28:05 router last message repeated 8 times
Nov 18 20:29:08 router last message repeated 9 times
Nov 18 20:30:13 router last message repeated 7 times
Nov 18 20:31:47 router last message repeated 7 times
Nov 18 20:32:53 router last message repeated 14 times
Nov 18 20:36:25 router last message repeated 3 times
Nov 18 20:37:27 router last message repeated 15 times
Nov 18 20:38:29 router last message repeated 8 times
Nov 18 20:39:33 router last message repeated 8 times
Nov 18 20:40:34 router last message repeated 16 times
Nov 18 20:41:45 router last message repeated 14 times
Nov 18 20:42:54 router last message repeated 10 times
Nov 18 20:58:57 router last message repeated 10 times
Nov 18 21:04:41 router last message repeated 3 times
Nov 18 21:09:29 router kernel: eth1: Too much work at interrupt,
IntrStatus=0x0040.
Nov 18 21:10:41 router last message repeated 2 times
This is better, how? ifconfig shows me:
eth1 Link encap:Ethernet HWaddr 00:40:F4:18:B6:88
inet addr:10.0.1.1 Bcast:10.0.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1215728 errors:5038 dropped:113 overruns:4420
frame:0
TX packets:909844 errors:2948 dropped:0 overruns:0
carrier:5896
collisions:1690 txqueuelen:100
RX bytes:1111010474 (1059.5 Mb) TX bytes:204932139 (195.4 Mb)
Interrupt:11 Base address:0x5800
I have never, in 5 years of Linux/Unix usage/administration, ever seen a
dropped frame or an overrun. /proc/interrupts shows:
CPU0
0: 5356492 XT-PIC timer
1: 3 XT-PIC keyboard
2: 0 XT-PIC cascade
8: 1 XT-PIC rtc
10: 2251441 XT-PIC eth0
11: 2132278 XT-PIC eth1
14: 11461 XT-PIC ide0
15: 23 XT-PIC ide1
NMI: 0
ERR: 0
So I don't have an interrupt issue, yet I have had a substantial
increase in network problems with a simple kernel change. I will be
going back to my old kernel in the morning. Risk is mitigated as there
is only one local & remote login on this box (and it's not root!).
A google search only shows this error showed up in recent kernels, and
is not limited to just my NIC. If anyone has a clue on how to fix this
(other than changing lilo.conf to use the older kernel), I would
appreciate it.
George