Date:      Mon, 14 Jun 1999 13:39:42 -0600 (MDT)
From:      Nick Rogness <nick@rapidnet.com>
To:        Lutz Rabing <LutzRab@omc.net>
Cc:        security@FreeBSD.ORG
Subject:   Re: New Attack via sendmail?
Message-ID:  <Pine.BSF.4.05.9906141335580.15229-100000@rapidnet.com>
In-Reply-To: <199906141930.VAA14403@office.omc.net>

On Mon, 14 Jun 1999, Lutz Rabing wrote:

> 
> I've seen some pretty strange lines in syslog of one of our webservers.
> 
> The box is running 2.2.8 with sendmail 8.9.3 and has never been out of
> swap space before, in fact it's not using swap space at all under normal
> conditions.


	What do your other logs say? (/var/log/maillog)
	
	What about your access_log from apache, were you getting
	hit hard on the web side?  The reason I ask is I see a perl
	exit in the log below.

> 
> Lutz Rabing
> -OMCnet-
> 
> ------------------------------------------------------------------------
> Jun 14 14:11:48 meg /kernel: swap_pager: out of swap space
> Jun 14 14:11:48 meg Jun 14 14:11:48sendmail[: /etc/spwd.db
> Jun 14 14:11:48 meg Jun 14 14:11:48sendmail[: OAA14935
> Jun 14 14:12:00 meg /kernel: swap_pager: out of swap space
> Jun 14 14:12:00 meg /kernel: pid 14964 (perl5.00404), uid 0: exited on signal 11
> Jun 14 14:12:01 meg Jun 14 14:12:01sendmail[: /etc/spwd.db
> Jun 14 14:12:01 meg /kernel: pid 14963 (sh), uid 0: exited on signal 11
> Jun 14 14:12:01 meg Jun 14 14:12:01sendmail[: /etc/spwd.db
> Jun 14 14:12:05 meg Jun 14 14:12:05sendmail[: /etc/spwd.db
> Jun 14 14:12:05 meg Jun 14 14:12:05sendmail[: NOQUEUE
> Jun 14 14:12:07 meg Jun 14 14:12:07sendmail[: NOQUEUE
> Jun 14 14:12:10 meg Jun 14 14:12:10cucipop[: out of memory
> Jun 14 14:12:10 meg Jun 14 14:12:10cucipop[: lost
> Jun 14 14:12:11 meg Jun 14 14:12:11sendmail[: NOQUEUE
> Jun 14 14:12:12 meg Jun 14 14:12:12sendmail[: /etc/spwd.db
> Jun 14 14:12:12 meg Jun 14 14:12:12sendmail[: NOQUEUE
> Jun 14 14:12:14 meg Jun 14 14:12:14sendmail[: NOQUEUE
> Jun 14 14:12:17 meg /kernel: swap_pager: out of swap space 
> Jun 14 14:12:19 meg last message repeated 2 times
> Jun 14 14:12:19 meg Jun 14 14:12:19sendmail[: /etc/spwd.db
> Jun 14 14:12:19 meg Jun 14 14:12:19sendmail[: NOQUEUE
> Jun 14 14:12:19 meg last message repeated 8 times
> Jun 14 14:12:20 meg /kernel: swap_pager: out of swap space
> Jun 14 14:12:23 meg /kernel: pid 14974 (mail.local), uid 0: exited on signal 11
> Jun 14 14:12:23 meg sendmail[14973]: OAA14972: SYSERR(UID0): mailer local died with signal 13
> Jun 14 14:12:26 meg Jun 14 14:12:26cucipop[: out of memory
> Jun 14 14:12:26 meg Jun 14 14:12:26cucipop[: lost
> Jun 14 14:12:35 meg Jun 14 14:12:35sendmail[: NOQUEUE
> Jun 14 14:12:45 meg Jun 14 14:12:45sendmail[: NOQUEUE
> Jun 14 14:12:58 meg /kernel: swap_pager: out of swap space
> Jun 14 14:13:00 meg /kernel: pid 16699 (sh), uid 0: exited on signal 11
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 

*******************************************************************
Nick Rogness		    	 "Never settle with words what
System Administrator	          can be accomplished with a 
RapidNet, INC   		  flame-thrower"  
nick@rapidnet.com		
*******************************************************************
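
Added example, not part of the original message or of any FreeBSD tooling: one way to triage a syslog excerpt like the one quoted above, pulling out the first swap exhaustion, the processes the kernel reports as killed by a signal (with their uid), and the messages whose syslog tag arrived garbled. The sample lines are a constructed subset of the quoted log; the function and pattern names are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample: a subset of the syslog lines quoted in the message above.
SAMPLE = """\
Jun 14 14:11:48 meg /kernel: swap_pager: out of swap space
Jun 14 14:11:48 meg Jun 14 14:11:48sendmail[: /etc/spwd.db
Jun 14 14:12:00 meg /kernel: pid 14964 (perl5.00404), uid 0: exited on signal 11
Jun 14 14:12:01 meg /kernel: pid 14963 (sh), uid 0: exited on signal 11
Jun 14 14:12:10 meg Jun 14 14:12:10cucipop[: out of memory
Jun 14 14:12:19 meg last message repeated 8 times
Jun 14 14:12:23 meg /kernel: pid 14974 (mail.local), uid 0: exited on signal 11
Jun 14 14:12:23 meg sendmail[14973]: OAA14972: SYSERR(UID0): mailer local died with signal 13
Jun 14 14:13:00 meg /kernel: pid 16699 (sh), uid 0: exited on signal 11
"""

HEAD = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) (.*)$")
KILLED = re.compile(r"/kernel: pid (\d+) \(([^)]+)\), uid (\d+): exited on signal (\d+)")
# Garbled tag as seen in the quoted log: a second timestamp fused to the program name.
GARBLED = re.compile(r"^\w{3} +\d+ [\d:]{8}(\w[\w.]*)\[: (.*)$")

def triage(text):
    """Return (first_swap_time, crashes, garbled_counts) for a syslog excerpt."""
    first_swap, crashes, garbled = None, [], Counter()
    for line in text.splitlines():
        m = HEAD.match(line)
        if not m:
            continue  # skip blank or unparseable lines
        ts, _host, rest = m.groups()
        if "swap_pager: out of swap space" in rest and first_swap is None:
            first_swap = ts
        k = KILLED.search(rest)
        if k:
            pid, name, uid, sig = k.groups()
            crashes.append({"time": ts, "pid": int(pid), "proc": name,
                            "uid": int(uid), "signal": int(sig)})
        g = GARBLED.match(rest)
        if g:
            garbled[g.group(1)] += 1  # count garbled messages per program
    return first_swap, crashes, garbled

if __name__ == "__main__":
    swap, crashes, garbled = triage(SAMPLE)
    print("first swap exhaustion:", swap)
    for c in crashes:
        print(f"{c['time']} {c['proc']} pid={c['pid']} uid={c['uid']} sig={c['signal']}")
    print("garbled-tag messages:", dict(garbled))
```

The resulting crash timeline gives the timestamps to line up against /var/log/maillog and the Apache access_log that the reply asks about.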



