RE: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5

From: Scott Walker Register (scott.register@us.checkpoint.com)
Date: 11/27/01


Date: Tue, 27 Nov 2001 12:16:59 -0500
From: Scott Walker Register <scott.register@us.checkpoint.com>
Subject: RE: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5
To: "'vuln-dev@securityfocus.com'" <vuln-dev@securityfocus.com>, Yanek Korff <yanek@cigital.com>
Message-ID: <Chameleon.1006882061.walker@stinky>


Yanek-
We have identified a problem with the interaction of VPN-1/FW-1 4.1 and the 3Com 3c90x driver.
This problem can be fixed by using the newer 3c59x driver (instructions below), or updating your
version of VPN-1/FW-1. We have QA'ed extensively and found no problems after either of these solutions.

For anyone who is affected by this and is not able to use the updated 3Com driver, you may either
upgrade to VPN-1/FW-1 NG (which is stable even with the older 3Com driver) or contact Check Point
Technical Services for a fix which can be applied to VPN-1/FW-1 4.1 SP5 to correct the problem. That
fix will be incorporated in future VPN-1/FW-1 4.1 releases.

Instructions for using the 3c59x driver:
        Log in as root.
        Run linuxconf.
        Select Config -> Networking -> Client Tasks -> Host name and IP devices.
        Choose the relevant adapters.
        Change the "Kernel module" from "3c90x" to "3c59x".
        Accept the changes.
        New settings will take effect after networking is restarted.

-SwR

------------------------
  From: Yanek Korff <yanek@cigital.com>
  Subject: RE: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5
  Date: Mon, 19 Nov 2001 13:44:48 -0500
  To: "'vuln-dev@securityfocus.com'" <vuln-dev@securityfocus.com>
  Cc: 'Scott Walker Register' <scott.register@us.checkpoint.com>, 'Andy Magoon' <Andy.Magoon@telethinking.com>

> I have finally figured out some of the problem. By default RH6.2 will load
> the 3c59x module for my three 3c905C-TX-M network cards. RH 6.2 does not
> panic when UDP scanned when using this kernel module.
>
> By default RH7.0 will load the 3c90x module for the same 3c905C-TX-M network
> cards. It does panic when UDP scanned. If I specify "alias eth0 3c59x" in
> modules.conf, the other module loads and the system no longer crashes.
> Additionally, I have recompiled a much smaller custom kernel and built the
> 3c59x drivers directly into the kernel - again, stable.
>
> What remains a mystery, to me at least, is what is causing UDP scans to give
> rise to a kernel panic. Regardless of which driver module I am using, the
> kernel panics only when firewall-1 is running.
>
> Thanks to all for your thoughts & testing.
>
> -Yanek.
>
> > -----Original Message-----
> > From: Andy Magoon [mailto:Andy.Magoon@telethinking.com]
> > Sent: Monday, November 19, 2001 10:45 AM
> > To: 'yanek@CIGITAL.COM'
> > Subject: RE: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5
> >
> >
> > Yanek,
> >
> > I am running ckpt-fw1-v41-sp5 without a problem on a similar
> > configuration. UDP port scans with nmap do not affect my server,
> > and it behaves much better than the two before it (NT and W2K)
> > which always rebooted or stopped passing packets.
> >
> > Hardware: Dell PowerEdge 2200 with 64MB of RAM, 3Com
> > EtherLink III 3c905-TX (x2) and 3Com 3c509B (x1)
> >
> > Operating System: Red Hat Linux 6.1, kernel 2.2.12-20
> >
> > I have had much better luck with Firewall-1 on Linux than on
> > Windows, and will probably never again consider using a Windows
> > box as a firewalled gateway.
> >
> > Have you considered the warnings in the README that say not to run
> > Firewall-1 on a 2.4 kernel?
> >
> > Andy
> >
> >
> >
> > ---------------------
> > Original Message:
> >
> > ------------------------------
> >
> > Date: Tue, 13 Nov 2001 14:45:02 -0500
> > From: Yanek Korff <yanek@CIGITAL.COM>
> > Subject: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5
> >
> > I'm testing out CP4.1 SP5 on Linux RH7.0. I seem to have gotten everything
> > configured the way I want it and am starting to run some scans to see what I
> > can see. Well, what I see is: nmap -sU -P0 ip_addr causes the machine to
> > instantly crash with a kernel panic, or in some cases, reboot. I'm not
> > great at troubleshooting kernel/module troubles so any help would be greatly
> > appreciated. If you happen to have a Linux CP FW-1 box you could run nmap
> > against, I'd love to know your results (incl OS/kernel info). Might want to
> > do this off-hours, though.
> >
> > Without CP-FW1 running (/etc/rc.d/init.d/firewall1 stop), I cannot cause a
> > kernel panic with a UDP scan. Has anyone else noticed this behavior?
> >
> > Hardware:
> > Dell Dimension XPSB800r
> > 128MB RAM
> > 3Com EtherLink III 3c905-TX (three of them)
> >
> > Have been able to reproduce this problem with kernels:
> > 2.2.19-7 (CUSTOM)
> > 2.2.16-20 (GENERIC RH 7.0)
> >
> > Tail end of the error message (after register & stack dump):
> > Code: 8b 41 08 3d 2b 2f c3 a5 0f 85 c6 00 00 00 8b 41 0c 85 c0 74
> > Aiee, killing interrupt handler
> > Kernel panic: Attempted to kill the idle task!
> > In swapper task - not syncing
> >
> > -Yanek.
> >

---------------End of Original Message-----------------

----------------------------------------------------------------
Scott.Register@us.CheckPoint.com || FireWall-1 Product Manager
               Check Point Software Technologies, Inc.
2255 Glades Road / Suite 324A \ Boca Raton, FL 33431
Voice: 561.989.5418 | Fax: 561.997.5421 | 11/27/01 12:17:00
----------------------------------------------------------------
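
The driver change discussed in this thread (pointing each ethN alias at 3c59x instead of 3c90x in modules.conf) can be audited across gateways with a short script. This is an added example, not part of the original messages or any Check Point tooling; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: find ethN aliases bound to the 3c90x module in a
# modules.conf-style file and emit a corrected copy using 3c59x.

# Constructed sample input (not taken from the thread).
sample_conf() {
cat <<'EOF'
# constructed sample modules.conf
alias eth0 3c90x
alias eth1 3c59x
  alias   eth2   3c90x   # dmz
#alias eth3 3c90x
alias parport_lowlevel parport_pc
EOF
}

# Read a modules.conf on stdin; print each interface whose active
# (non-commented) alias line names the 3c90x module.
affected_ifaces() {
    awk '
        { sub(/#.*/, "") }    # drop comments, awk re-splits the fields
        $1 == "alias" && $2 ~ /^eth[0-9]+$/ && $3 == "3c90x" { print $2 }
    '
}

# Read a modules.conf on stdin; write it back out with those aliases
# switched to 3c59x. Comments, spacing and all other lines are kept.
rewrite_conf() {
    awk '
        {
            code = $0
            sub(/#.*/, "", code)
            n = split(code, f, " ")
            if (n >= 3 && f[1] == "alias" && f[2] ~ /^eth[0-9]+$/ && f[3] == "3c90x")
                sub(/3c90x/, "3c59x")    # first match is the module field
            print
        }
    '
}

# Stand-alone run: audit the file given as $1, or the constructed sample.
if [ -n "${1:-}" ]; then
    affected_ifaces < "$1"
else
    sample_conf | affected_ifaces
fi
```

As the instructions above note, the new alias only takes effect once networking is restarted and the module is reloaded.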


