From owner-freebsd-security Mon Jun 14 23:30:53 1999
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP id 3E92B15290
	for ; Mon, 14 Jun 1999 23:30:50 -0700 (PDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id AAA46373;
	Tue, 15 Jun 1999 00:30:49 -0600 (MDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1])
	by harmony.village.org (8.9.3/8.8.3) with ESMTP id AAA90548;
	Tue, 15 Jun 1999 00:30:33 -0600 (MDT)
Message-Id: <199906150630.AAA90548@harmony.village.org>
To: LutzRab@omc.net
Subject: Re: New Attack via sendmail?
Cc: security@FreeBSD.ORG
In-reply-to: Your message of "Mon, 14 Jun 1999 21:30:58 +0200." <199906141930.VAA14403@office.omc.net>
References: <199906141930.VAA14403@office.omc.net>
Date: Tue, 15 Jun 1999 00:30:33 -0600
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <199906141930.VAA14403@office.omc.net> "Lutz Rabing" writes:
: I've seen some pretty strange lines in syslog of one of our webservers.
:
: The box is running 2.2.8 with sendmail 8.9.3 and has never been out of
: swap space before, in fact it's not using swap space at all under normal
: conditions.

Have you used gdb to get a traceback from sendmail.core? Have you
considered building sendmail from sources and installing that binary
if you have the stripped binary installed?

I've not heard of an attack like this recently.

Also, I'd take a look at cucipop. It may be the case that it, or
something else, is eating all the memory, causing problems for
sendmail, et al. 'ps auxww' should help next time this happens.

Warner