Date: Mon, 14 Jun 1999 13:39:42 -0600 (MDT)
From: Nick Rogness <nick@rapidnet.com>
To: Lutz Rabing <LutzRab@omc.net>
Cc: security@FreeBSD.ORG
Subject: Re: New Attack via sendmail?
Message-ID: <Pine.BSF.4.05.9906141335580.15229-100000@rapidnet.com>
In-Reply-To: <199906141930.VAA14403@office.omc.net>
On Mon, 14 Jun 1999, Lutz Rabing wrote:

>
> I've seen some pretty strange lines in syslog of one of our webservers.
>
> The box is running 2.2.8 with sendmail 8.9.3 and has never been out of
> swap space before, in fact it's not using swap space at all under normal
> conditions.

What do your other logs say? (/var/log/maillog)
What about your access_log from apache, were you getting hit hard on
the web side? The reason I ask is I see a perl exit in the log below.

>
> Lutz Rabing
> -OMCnet-
>
> ------------------------------------------------------------------------
> Jun 14 14:11:48 meg /kernel: swap_pager: out of swap space
> Jun 14 14:11:48 meg Jun 14 14:11:48sendmail[: /etc/spwd.db
> Jun 14 14:11:48 meg Jun 14 14:11:48sendmail[: OAA14935
> Jun 14 14:12:00 meg /kernel: swap_pager: out of swap space
> Jun 14 14:12:00 meg /kernel: pid 14964 (perl5.00404), uid 0: exited on signal 11
> Jun 14 14:12:01 meg Jun 14 14:12:01sendmail[: /etc/spwd.db
> Jun 14 14:12:01 meg /kernel: pid 14963 (sh), uid 0: exited on signal 11
> Jun 14 14:12:01 meg Jun 14 14:12:01sendmail[: /etc/spwd.db
> Jun 14 14:12:05 meg Jun 14 14:12:05sendmail[: /etc/spwd.db
> Jun 14 14:12:05 meg Jun 14 14:12:05sendmail[: NOQUEUE
> Jun 14 14:12:07 meg Jun 14 14:12:07sendmail[: NOQUEUE
> Jun 14 14:12:10 meg Jun 14 14:12:10cucipop[: out of memory
> Jun 14 14:12:10 meg Jun 14 14:12:10cucipop[: lost
> Jun 14 14:12:11 meg Jun 14 14:12:11sendmail[: NOQUEUE
> Jun 14 14:12:12 meg Jun 14 14:12:12sendmail[: /etc/spwd.db
> Jun 14 14:12:12 meg Jun 14 14:12:12sendmail[: NOQUEUE
> Jun 14 14:12:14 meg Jun 14 14:12:14sendmail[: NOQUEUE
> Jun 14 14:12:17 meg /kernel: swap_pager: out of swap space
> Jun 14 14:12:19 meg last message repeated 2 times
> Jun 14 14:12:19 meg Jun 14 14:12:19sendmail[: /etc/spwd.db
> Jun 14 14:12:19 meg Jun 14 14:12:19sendmail[: NOQUEUE
> Jun 14 14:12:19 meg last message repeated 8 times
> Jun 14 14:12:20 meg /kernel: swap_pager: out of swap space
> Jun 14 14:12:23 meg /kernel: pid 14974 (mail.local), uid 0: exited on signal 11
> Jun 14 14:12:23 meg sendmail[14973]: OAA14972: SYSERR(UID0): mailer local died with signal 13
> Jun 14 14:12:26 meg Jun 14 14:12:26cucipop[: out of memory
> Jun 14 14:12:26 meg Jun 14 14:12:26cucipop[: lost
> Jun 14 14:12:35 meg Jun 14 14:12:35sendmail[: NOQUEUE
> Jun 14 14:12:45 meg Jun 14 14:12:45sendmail[: NOQUEUE
> Jun 14 14:12:58 meg /kernel: swap_pager: out of swap space
> Jun 14 14:13:00 meg /kernel: pid 16699 (sh), uid 0: exited on signal 11
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

*******************************************************************
Nick Rogness                     "Never settle with words what
System Administrator              can be accomplished with a
RapidNet, INC                     flame-thrower"
nick@rapidnet.com
*******************************************************************
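A triage sketch for the syslog excerpt quoted in the message above, added here as an example and not part of the original e-mail: it extracts the swap-exhaustion window and the processes that died on a signal, which gives the time range to look up in /var/log/maillog and the Apache access_log. The function name `triage` and its result keys are assumptions of this example; the sample lines are a subset copied from the quoted log.

```python
import re
from collections import Counter

# Subset of the syslog lines quoted in the message (embedded so this runs offline).
SAMPLE = """\
Jun 14 14:11:48 meg /kernel: swap_pager: out of swap space
Jun 14 14:11:48 meg Jun 14 14:11:48sendmail[: /etc/spwd.db
Jun 14 14:12:00 meg /kernel: swap_pager: out of swap space
Jun 14 14:12:00 meg /kernel: pid 14964 (perl5.00404), uid 0: exited on signal 11
Jun 14 14:12:01 meg /kernel: pid 14963 (sh), uid 0: exited on signal 11
Jun 14 14:12:10 meg Jun 14 14:12:10cucipop[: out of memory
Jun 14 14:12:17 meg /kernel: swap_pager: out of swap space
Jun 14 14:12:19 meg last message repeated 2 times
Jun 14 14:12:23 meg /kernel: pid 14974 (mail.local), uid 0: exited on signal 11
Jun 14 14:12:23 meg sendmail[14973]: OAA14972: SYSERR(UID0): mailer local died with signal 13
Jun 14 14:13:00 meg /kernel: pid 16699 (sh), uid 0: exited on signal 11
"""

PREFIX = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) (.*)$")   # timestamp, host, rest
EXIT = re.compile(r"pid (\d+) \(([^)]+)\), uid (\d+): exited on signal (\d+)")
REPEAT = re.compile(r"last message repeated (\d+) times")

def triage(text):
    """Summarise swap exhaustion and signal exits found in syslog text."""
    swap_times, exits, last_was_swap = [], [], False
    for line in text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        ts, _host, msg = m.groups()
        rep = REPEAT.search(msg)
        if rep:
            # syslogd collapses duplicates; credit them to the previous message.
            if last_was_swap:
                swap_times.extend([ts] * int(rep.group(1)))
            continue
        last_was_swap = "swap_pager: out of swap space" in msg
        if last_was_swap:
            swap_times.append(ts)
        e = EXIT.search(msg)
        if e:
            pid, cmd, uid, sig = e.groups()
            exits.append((ts, int(pid), cmd, int(uid), int(sig)))
    window = (swap_times[0], swap_times[-1]) if swap_times else None
    return {"swap_events": len(swap_times), "window": window, "exits": exits,
            "by_cmd": Counter(cmd for _, _, cmd, _, _ in exits)}

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(report["swap_events"], "swap events in window", report["window"])
    for ts, pid, cmd, uid, sig in report["exits"]:
        print(f"{ts} pid={pid} cmd={cmd} uid={uid} signal={sig}")
```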