Date: Mon, 14 Jun 1999 21:52:21 +0200
From: "Lutz Rabing" <LutzRab@omc.net>
To: Nick Rogness <nick@rapidnet.com>
Cc: security@FreeBSD.ORG
Subject: Re: New Attack via sendmail?
Message-ID: <199906141952.VAA14960@office.omc.net>
In-Reply-To: <Pine.BSF.4.05.9906141335580.15229-100000@rapidnet.com>
References: <199906141930.VAA14403@office.omc.net>

> >
> > I've seen some pretty strange lines in syslog of one of our webservers.
> >
> > The box is running 2.2.8 with sendmail 8.9.3 and has never been out of
> > swap space before, in fact it's not using swap space at all under normal
> > conditions.
> >
>
> What do your other logs say? (/var/log/maillog)
>
> What about your access_log from apache, were you getting
> hit hard on the web side? The reason I ask is I see a perl
> exit in the log below.

There is nothing in "maillog" at that time and also nothing unusual
in the apache log (just around 10 hits per second for a PIII-450 should be Ok)

Thanks,
Lutz

> >
> >
> > Lutz Rabing
> > -OMCnet-
> >
> > ------------------------------------------------------------------------
> > Jun 14 14:11:48 meg /kernel: swap_pager: out of swap space
> > Jun 14 14:11:48 meg Jun 14 14:11:48sendmail[: /etc/spwd.db
> > Jun 14 14:11:48 meg Jun 14 14:11:48sendmail[: OAA14935
> > Jun 14 14:12:00 meg /kernel: swap_pager: out of swap space
> > Jun 14 14:12:00 meg /kernel: pid 14964 (perl5.00404), uid 0: exited on signal 11
> > Jun 14 14:12:01 meg Jun 14 14:12:01sendmail[: /etc/spwd.db
> > Jun 14 14:12:01 meg /kernel: pid 14963 (sh), uid 0: exited on signal 11
> > Jun 14 14:12:01 meg Jun 14 14:12:01sendmail[: /etc/spwd.db
> > Jun 14 14:12:05 meg Jun 14 14:12:05sendmail[: /etc/spwd.db
> > Jun 14 14:12:05 meg Jun 14 14:12:05sendmail[: NOQUEUE
> > Jun 14 14:12:07 meg Jun 14 14:12:07sendmail[: NOQUEUE
> > Jun 14 14:12:10 meg Jun 14 14:12:10cucipop[: out of memory
> > Jun 14 14:12:10 meg Jun 14 14:12:10cucipop[: lost
> > Jun 14 14:12:11 meg Jun 14 14:12:11sendmail[: NOQUEUE
> > Jun 14 14:12:12 meg Jun 14 14:12:12sendmail[: /etc/spwd.db
> > Jun 14 14:12:12 meg Jun 14 14:12:12sendmail[: NOQUEUE
> > Jun 14 14:12:14 meg Jun 14 14:12:14sendmail[: NOQUEUE
> > Jun 14 14:12:17 meg /kernel: swap_pager: out of swap space
> > Jun 14 14:12:19 meg last message repeated 2 times
> > Jun 14 14:12:19 meg Jun 14 14:12:19sendmail[: /etc/spwd.db
> > Jun 14 14:12:19 meg Jun 14 14:12:19sendmail[: NOQUEUE
> > Jun 14 14:12:19 meg last message repeated 8 times
> > Jun 14 14:12:20 meg /kernel: swap_pager: out of swap space
> > Jun 14 14:12:23 meg /kernel: pid 14974 (mail.local), uid 0: exited on signal 11
> > Jun 14 14:12:23 meg sendmail[14973]: OAA14972: SYSERR(UID0): mailer local died with signal 13
> > Jun 14 14:12:26 meg Jun 14 14:12:26cucipop[: out of memory
> > Jun 14 14:12:26 meg Jun 14 14:12:26cucipop[: lost
> > Jun 14 14:12:35 meg Jun 14 14:12:35sendmail[: NOQUEUE
> > Jun 14 14:12:45 meg Jun 14 14:12:45sendmail[: NOQUEUE
> > Jun 14 14:12:58 meg /kernel: swap_pager: out of swap space
> > Jun 14 14:13:00 meg /kernel: pid 16699 (sh), uid 0: exited on signal 11
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
>
> *******************************************************************
>  Nick Rogness                    "Never settle with words what
>  System Administrator             can be accomplished with a
>  RapidNet, INC                    flame-thrower"
>  nick@rapidnet.com
> *******************************************************************
>

Best regards,

Lutz Rabing
-OMCnet-

--
"The box said 'Requires Windows 98, NT, Linux or better' so I installed FreeBSD."

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906141952.VAA14960>