From owner-freebsd-security Thu Mar 29 5:12:17 2001 Delivered-To: freebsd-security@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id B253137B719 for ; Thu, 29 Mar 2001 05:12:08 -0800 (PST) (envelope-from cdf.lists@fxp.org) Received: by peitho.fxp.org (Postfix, from userid 1501) id 710A713614; Thu, 29 Mar 2001 08:12:08 -0500 (EST) Date: Thu, 29 Mar 2001 08:12:08 -0500 From: Chris Faulhaber To: Seorge Cc: freebsd-security@FreeBSD.ORG Subject: Re: Something's happening with named Message-ID: <20010329081208.A80429@peitho.fxp.org> Mail-Followup-To: Chris Faulhaber , Seorge , freebsd-security@FreeBSD.ORG References: <4630.010329@rostokgroup.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="yrj/dFKFPuw6o+aM" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <4630.010329@rostokgroup.com>; from seorge@rostokgroup.com on Thu, Mar 29, 2001 at 03:07:55PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --yrj/dFKFPuw6o+aM Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Mar 29, 2001 at 03:07:55PM +0200, Seorge wrote: > May be somebody knows what's going on? >=20 > Not the first time I face the following problem: > While everything seems to work properly: sendmail, apache and so on > the following string is displayed and none of the local network or > Internet requests is answered. > Restarting named is the only way to get it back to life. > What could be the cause of this thing: attack or misconfiguration? >=20 > Mar 26 11:29:11 nameoftheunix-server /kernel: pid 115 (named), uid 0: exi= ted on signal 10 (core dumped) >=20 > This event repeats from approximately twice a month with no systematic > rule. >=20 What version of bind are you running. Have you upgraded since the bind advisory was released in January? ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:18.bind.asc If you are running a vulnerable server, it is possible that someone is trying to root you with an exploit meant for a different OS, causing bind to crash. --=20 Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org --yrj/dFKFPuw6o+aM Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: FreeBSD: The Power To Serve iEYEARECAAYFAjrDNKgACgkQObaG4P6BelAJnQCeLkV1G/zjnxruA05mtneCqYPd 4asAnRKsdm3+I/5f9Ad9UO+H378PFn6x =Oq4l -----END PGP SIGNATURE----- --yrj/dFKFPuw6o+aM-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message