>Number: 4313 >Category: os-linux >Synopsis: apache-ssl generates general protection fault >Confidential: no >Severity: critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Tue Apr 27 07:50:01 PDT 1999 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: Apache/1.3.3 Ben-SSL/1.29 (Unix) Debian >Environment: OS: Debian/Linux 2.0.36
Server version: Apache/1.3.3 Ben-SSL/1.29 (Unix) Debian/GNU Server built: Feb 9 1999 10:18:29 >Description: Apr 23 20:25:11 web1 kernel: Warning: possible SYN flood from 194.7.177.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:26:12 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:27:12 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:28:12 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:29:12 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:30:12 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:31:12 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:32:12 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:33:12 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:34:12 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:35:13 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:36:13 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:37:13 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:38:13 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:39:13 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:40:13 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:41:13 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:42:13 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:43:14 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:44:14 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:45:14 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:46:15 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:47:15 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:48:15 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:49:15 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 20:50:15 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 21:03:45 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 21:03:45 web1 last message repeated 5 times Apr 23 21:03:45 web1 kernel: Warning: possible SYN flood from 194.7.144.100 on 194.1.1.151:80. Sending cookies. Apr 23 21:03:45 web1 kernel: Warning: possible SYN flood from 194.1.1.145 on 194.1.1.146:21. Sending cookies. Apr 23 21:03:45 web1 last message repeated 4 times Apr 23 21:03:45 web1 kernel: Warning: possible SYN flood from 195.95.26.247 on 194.1.1.151:80. Sending cookies. Apr 23 21:03:45 web1 kernel: Warning: kfree_skb passed an skb still on a list (from 06e9e604). Apr 23 21:03:45 web1 kernel: general protection: 0000 Apr 23 21:03:45 web1 kernel: CPU: 0 Apr 23 21:03:45 web1 kernel: EIP: 0010:[serial:register_serial_R3425f38c+-20358260/324] Apr 23 21:03:45 web1 kernel: EFLAGS: 00010206 Apr 23 21:03:45 web1 kernel: eax: 06caf810 ebx: 06e9e414 ecx: 019fa800 edx: 019fa000 Apr 23 21:03:45 web1 kernel: esi: 00000114 edi: 00000000 ebp: 001bf4d4 esp: 05b07d50 Apr 23 21:03:45 web1 kernel: ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018 Apr 23 21:03:45 web1 kernel: Process apache-ssl (pid: 3042, process nr: 42, stackpage=05b07000) Apr 23 21:03:45 web1 kernel: Stack: 00139a57 06e9e414 06e9e414 019fa888 00139d57 06e9e414 019fa888 003af300 Apr 23 21:03:45 web1 kernel: 00000000 0000003c 0013a1e6 019fa888 00000000 003af398 00000040 0019a447 Apr 23 21:03:45 web1 kernel: 019fa888 00000000 00000001 019fa888 001bf56c 001bf4d4 019fa81a 019fa828 Apr 23 21:03:45 web1 kernel: Call Trace: [sock_wfree+35/44] [kfree_skb+183/244] [dev_kfree_skb+62/76] [ei_start_xmit+747/760] [do_dev_queue_xmit+455/504] [dev_queue_xmit+26/36] [ip_queue_xmit+409/492] Apr 23 21:03:45 web1 kernel: [tcp_send_ack+553/572] [tcp_delack_timer+0/16] [tcp_delack_timer+10/16] [timer_bh+749/820] [do_bottom_half+59/96] [handle_bottom_half+11/24] [load_elf_interp+32/736] [kfree_skb+44/244] Apr 23 21:03:45 web1 kernel: [cleanup_rbuf+83/148] [tcp_recvmsg+1002/1036] [inet_recvmsg+114/136] [<0808bb34>] [sock_read+171/192] [<0808bcd5>] [sys_read+192/232] [<0808bb34>] Apr 23 21:03:45 web1 kernel: [<0808baec>] [system_call+85/124] [<0808bb34>] [<0808baec>] Apr 23 21:03:45 web1 kernel: Code: 10 98 3e 03 10 48 5f 02 00 00 00 00 00 00 00 00 b8 9d 67 94 Apr 23 21:03:45 web1 kernel: Aiee, killing interrupt handler Apr 23 21:03:45 web1 kernel: general protection: 0000 Apr 23 21:03:45 web1 kernel: CPU: 0 Apr 23 21:03:45 web1 kernel: EIP: 0010:[def_callback3+15/60] Apr 23 21:03:45 web1 kernel: EFLAGS: 00010246 Apr 23 21:03:45 web1 kernel: eax: 00151200 ebx: 0606b414 ecx: 06b17010 edx: 00000000 Apr 23 21:03:45 web1 kernel: esi: 0606b414 edi: 00000000 ebp: cfeb773e esp: 030dbd74 Apr 23 21:03:45 web1 kernel: ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018 Apr 23 21:03:45 web1 kernel: Process apache-ssl (pid: 3065, process nr: 66, stackpage=030db000) Apr 23 21:03:45 web1 kernel: Stack: 06b176e8 00149631 0606b414 0606b414 0368a43c 000000e4 0368a458 00000000 Apr 23 21:03:45 web1 kernel: 00000000 00000400 056f2901 00000001 000000ff 00000000 0014a841 0606b414 Apr 23 21:03:45 web1 kernel: 0368a43c cfeb773e 00000014 001b69f0 0368a458 0368a428 00000000 00000001 Apr 23 21:03:45 web1 kernel: Call Trace: [tcp_ack+1405/2284] [tcp_rcv+2113/2468] [load_elf_interp+88/736] [ip_rcv+1047/1352] [net_bh+252/284] [do_bottom_half+59/96] [handle_bottom_half+11/24] Apr 23 21:03:45 web1 kernel: [load_elf_interp+51/736] [dcache_lookup+139/356] [ext2_lookup+129/368] [lookup+222/248] [dir_namei+155/304] [_namei+46/228] [<080ab5d4>] [<080ab5d4>] Apr 23 21:03:45 web1 kernel: [namei+48/72] [<080ab5d4>] [sys_newstat+41/88] [<080ab5d4>] [<080aab3c>] [system_call+85/124] [<080ab5d4>] [<080aab3c>] Apr 23 21:03:45 web1 kernel: [<080ab5d4>] Apr 23 21:03:45 web1 kernel: Code: 89 44 fa cf 39 83 3c 01 00 00 7c 1d 8b 83 d0 00 00 00 50 e8 Apr 23 21:03:45 web1 kernel: Aiee, killing interrupt handler Apr 23 21:03:45 web1 kernel: general protection: 0000 Apr 23 21:03:45 web1 kernel: CPU: 0 Apr 23 21:03:45 web1 kernel: EIP: 0010:[def_callback3+15/60] Apr 23 21:03:45 web1 kernel: EFLAGS: 00010246 Apr 23 21:03:45 web1 kernel: eax: 00151200 ebx: 06774414 ecx: 0346820c edx: 00000000 Apr 23 21:03:45 web1 kernel: esi: 06774414 edi: 00000000 ebp: c21d6e31 esp: 02ea9eb0 Apr 23 21:03:45 web1 kernel: ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018 >How-To-Repeat: sustained syn flooding of httpd ? >Fix: ? >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
