[Bug 241979] New: Marconi ASX DoS
https://bugzilla.novell.com/show_bug.cgi?id=241979 Summary: Marconi ASX DoS Product: openSUSE 10.2 Version: Final Platform: x86 OS/Version: SuSE Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: scx.dps@gmail.com QAContact: qa@suse.de I perform few Nessus tests sometimes to ensure all is fine, however I just got to try a Xmas tree test and got with a DoS problem, and tried with two kernels. The one I am using (modified from Jen) and the default Opensuse kernel but got the same, also ask someone in the IRC to check but no one could. So I am posting this bug here, unable to determine if I have a false alarm or not. I attach a log using my own kernel 'cause I didn't save the old tests (and Nessus takes a long to finish the test) but the logs are the same. Hope it is just something I have wrong locally. http://www.nessus.org/plugins/index.php?view=single&id=10635 http://www.securityfocus.com/bid/2400 :) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=241979 ------- Comment #1 from scx.dps@gmail.com 2007-02-03 04:18 MST ------- Created an attachment (id=117245) --> (https://bugzilla.novell.com/attachment.cgi?id=117245&action=view) The Nessus log (Using my kernel) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=241979 ------- Comment #2 from thomas@novell.com 2007-02-05 02:55 MST ------- Is the machine really not working after the scan? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=241979 ------- Comment #3 from thomas@novell.com 2007-02-05 04:51 MST ------- I tried nessus, hping2, and an exploit for this DoS against two opensuse 10.2 systems and they are still running. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=241979 ------- Comment #4 from lkundrak@redhat.com 2007-02-05 05:02 MST ------- Seems to be a false alarm. I was unable to do any harm either OpenSUSE or Fedora Core kernel with the reproducer for the Marconi switch flaw: http://downloads.securityfocus.com/vulnerabilities/exploits/asxswitch.c Hadron S: Do you judge that there is a DoS just from the Nessus report? Do you run a webserver, at all? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=241979 scx.dps@gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Comment #5 from scx.dps@gmail.com 2007-02-07 02:52 MST ------- @Thomas Biege: @all: Ok, I got time yesterday to make a few tests in another instalation and functioned fine, the test I did, didn't crash the machine and was not affected at all, in the previous test (the one I posted) the LAN connection broke for a about 1min. It seams to be just something here... I guess what though. Thanks for the testings. - Closing bug - If anyone gets the connection broken, please reopen the bug. @ Lubomir Kundrak: Never judged the vulnerability as true, I pointed out there --might-- be a vulnerability and needed someone else to check; doesn't even matter if -- I -- have an Apache running or not. Anyway, thanks for the testing. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com