From: "James Greenfield"
To: "Chris Faulhaber", "Seorge"
Subject: Re: Something's happening with named
Date: Thu, 29 Mar 2001 18:56:26 +0200

I saw the same thing a while back (with the difference being that named
exited due to a different signal)

messages.0:Mar 11 02:04:36 /kernel: pid 44813 (named), uid 0: exited on signal 11 (core dumped)

FreeBSD Version info:
FreeBSD 4.2-RELEASE FreeBSD 4.2-RELEASE #0: Mon Nov 20 13:02:55 GMT 2000 jkh@bento.FreeBSD.org:/usr/src/sys/compile/GENERIC i386

named version info:
named 8.2.3-T6B Mon Nov 20 11:27:49 GMT 2000 jkh@bento.FreeBSD.org:/usr/obj/usr/src/usr.sbin/named

I did some looking to see if a newer 8.2.3 release was out, but I couldn't
find a clear explanation of the meaning behind T6B. I see T9B is out (7 and
8 apparently being released as betas only?), but I've been unsure of the
potential impact of an upgrade, and since this hasn't recurred I've left it
and decided to keep an eye on things until it happens again.

If someone could briefly explain the versioning used by bind, I'd
appreciate it.
Also, is it worth upgrading to T9B (or whatever the latest release is)?

Thanks
James Greenfield
(Relatively new to the world of FreeBSD)

----- Original Message -----
From: "Chris Faulhaber"
To: "Seorge"
Sent: Thursday, March 29, 2001 3:12 PM
Subject: Re: Something's happening with named

On Thu, Mar 29, 2001 at 03:07:55PM +0200, Seorge wrote:
> Maybe somebody knows what's going on?
>
> Not the first time I face the following problem:
> While everything seems to work properly: sendmail, apache and so on
> the following string is displayed and none of the local network or
> Internet requests is answered.
> Restarting named is the only way to get it back to life.
> What could be the cause of this thing: attack or misconfiguration?
>
> Mar 26 11:29:11 nameoftheunix-server /kernel: pid 115 (named), uid 0: exited on signal 10 (core dumped)
>
> This event repeats approximately twice a month with no systematic
> rule.
>

What version of bind are you running? Have you upgraded since the bind
advisory was released in January?

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:18.bind.asc

If you are running a vulnerable server, it is possible that someone is
trying to root you with an exploit meant for a different OS, causing
bind to crash.

-- 
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org
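Added example, not part of the original thread or of any poster's code: a small Python check that scans syslog lines for the kernel "exited on signal" message quoted above and flags a root-owned daemon that keeps dying from a memory-fault signal. The function names, the watch list and the threshold of two crashes are assumptions made for illustration; the signal names follow FreeBSD numbering (10 = SIGBUS, 11 = SIGSEGV).

```python
import re
from collections import defaultdict

# FreeBSD signal numbers that indicate a memory fault in the process.
FAULT_SIGNALS = {10: "SIGBUS", 11: "SIGSEGV"}

# Kernel message format as quoted in the thread; the hostname field and
# any leading "messages.0:" grep prefix are optional.
CRASH_RE = re.compile(
    r"(?P<stamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?:\S+ )?/kernel: pid (?P<pid>\d+) \((?P<proc>[^)]+)\), "
    r"uid (?P<uid>\d+): exited on signal (?P<sig>\d+)"
    r"(?P<core> \(core dumped\))?"
)

def parse_crashes(lines):
    """Yield one dict per 'exited on signal' kernel message found."""
    for line in lines:
        m = CRASH_RE.search(line)
        if m:
            sig = int(m["sig"])
            yield {"when": m["stamp"], "proc": m["proc"],
                   "pid": int(m["pid"]), "uid": int(m["uid"]),
                   "signal": sig,
                   "signame": FAULT_SIGNALS.get(sig, f"signal {sig}"),
                   "core": m["core"] is not None}

def flag_daemons(lines, watched=("named",), threshold=2):
    """Return {proc: [events]} for watched daemons running as uid 0 that
    died from a memory-fault signal at least `threshold` times."""
    hits = defaultdict(list)
    for ev in parse_crashes(lines):
        if (ev["proc"] in watched and ev["uid"] == 0
                and ev["signal"] in FAULT_SIGNALS):
            hits[ev["proc"]].append(ev)
    return {p: evs for p, evs in hits.items() if len(evs) >= threshold}

# First two lines are the ones quoted in the thread; the last two are
# constructed sample input for contrast.
SAMPLE = [
    "messages.0:Mar 11 02:04:36 /kernel: pid 44813 (named), uid 0: exited on signal 11 (core dumped)",
    "Mar 26 11:29:11 nameoftheunix-server /kernel: pid 115 (named), uid 0: exited on signal 10 (core dumped)",
    "Mar 26 11:30:02 nameoftheunix-server sendmail[201]: starting daemon",
    "Mar 27 09:15:40 nameoftheunix-server /kernel: pid 310 (httpd), uid 80: exited on signal 11",
]

if __name__ == "__main__":
    for proc, events in flag_daemons(SAMPLE).items():
        for ev in events:
            print(f"{proc} pid {ev['pid']} died with {ev['signame']} at {ev['when']}")
```

A hit from this check is a prompt to compare the running bind version against the advisory linked above and to keep the core file for analysis; it does not by itself distinguish an attack from a bug or misconfiguration.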