From owner-freebsd-security Mon Jun 14 12:31:15 1999 Delivered-To: freebsd-security@freebsd.org Received: from office.omc.net (office.omc.net [195.185.142.22]) by hub.freebsd.org (Postfix) with ESMTP id 81396150A6 for ; Mon, 14 Jun 1999 12:31:01 -0700 (PDT) (envelope-from LutzRab@omc.net) Received: from lutz (lutz.omc.net [195.185.142.3]) by office.omc.net (8.9.3/8.9.3) with SMTP id VAA14403 for ; Mon, 14 Jun 1999 21:30:58 +0200 (CEST) Message-Id: <199906141930.VAA14403@office.omc.net> From: "Lutz Rabing" Organization: OMCnet IS GmbH To: security@FreeBSD.ORG Date: Mon, 14 Jun 1999 21:30:58 +0200 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: New Attack via sendmail? Reply-To: LutzRab@omc.net X-mailer: Pegasus Mail for Win32 (v3.11) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I've seen some pretty strange lines in syslog of one of our webservers. The box is running 2.2.8 with sendmail 8.9.3 and has never been out of swap space before, in fact it's not using swap space at all under normal conditions. Lutz Rabing -OMCnet- ------------------------------------------------------------------------ Jun 14 14:11:48 meg /kernel: swap_pager: out of swap space Jun 14 14:11:48 meg Jun 14 14:11:48sendmail[: /etc/spwd.db Jun 14 14:11:48 meg Jun 14 14:11:48sendmail[: OAA14935 Jun 14 14:12:00 meg /kernel: swap_pager: out of swap space Jun 14 14:12:00 meg /kernel: pid 14964 (perl5.00404), uid 0: exited on signal 11 Jun 14 14:12:01 meg Jun 14 14:12:01sendmail[: /etc/spwd.db Jun 14 14:12:01 meg /kernel: pid 14963 (sh), uid 0: exited on signal 11 Jun 14 14:12:01 meg Jun 14 14:12:01sendmail[: /etc/spwd.db Jun 14 14:12:05 meg Jun 14 14:12:05sendmail[: /etc/spwd.db Jun 14 14:12:05 meg Jun 14 14:12:05sendmail[: NOQUEUE Jun 14 14:12:07 meg Jun 14 14:12:07sendmail[: NOQUEUE Jun 14 14:12:10 meg Jun 14 14:12:10cucipop[: out of memory Jun 14 14:12:10 meg Jun 14 14:12:10cucipop[: lost Jun 14 14:12:11 meg Jun 14 14:12:11sendmail[: NOQUEUE Jun 14 14:12:12 meg Jun 14 14:12:12sendmail[: /etc/spwd.db Jun 14 14:12:12 meg Jun 14 14:12:12sendmail[: NOQUEUE Jun 14 14:12:14 meg Jun 14 14:12:14sendmail[: NOQUEUE Jun 14 14:12:17 meg /kernel: swap_pager: out of swap space Jun 14 14:12:19 meg last message repeated 2 times Jun 14 14:12:19 meg Jun 14 14:12:19sendmail[: /etc/spwd.db Jun 14 14:12:19 meg Jun 14 14:12:19sendmail[: NOQUEUE Jun 14 14:12:19 meg last message repeated 8 times Jun 14 14:12:20 meg /kernel: swap_pager: out of swap space Jun 14 14:12:23 meg /kernel: pid 14974 (mail.local), uid 0: exited on signal 11 Jun 14 14:12:23 meg sendmail[14973]: OAA14972: SYSERR(UID0): mailer local died with signal 13 Jun 14 14:12:26 meg Jun 14 14:12:26cucipop[: out of memory Jun 14 14:12:26 meg Jun 14 14:12:26cucipop[: lost Jun 14 14:12:35 meg Jun 14 14:12:35sendmail[: NOQUEUE Jun 14 14:12:45 meg Jun 14 14:12:45sendmail[: NOQUEUE Jun 14 14:12:58 meg /kernel: swap_pager: out of swap space Jun 14 14:13:00 meg /kernel: pid 16699 (sh), uid 0: exited on signal 11 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message