Date:      Thu, 29 Mar 2001 18:56:26 +0200
From:      "James Greenfield" <james@pagearts.co.za>
To:        "Chris Faulhaber" <jedgar@fxp.org>, "Seorge" <seorge@rostokgroup.com>
Cc:        <freebsd-security@FreeBSD.ORG>
Subject:   Re: Something's happening with named
Message-ID:  <015e01c0b871$33158f00$4501a8c0@boubou>
References:  <4630.010329@rostokgroup.com> <20010329081208.A80429@peitho.fxp.org>

I saw the same thing a while back (with the difference being that named
exited due to a different signal)

messages.0:Mar 11 02:04:36 <hostnameremoved> /kernel: pid 44813 (named), uid 0: exited on signal 11 (core dumped)

FreeBSD Version info:
FreeBSD <hostnameremoved> 4.2-RELEASE FreeBSD 4.2-RELEASE #0: Mon Nov 20 13:02:55 GMT 2000     jkh@bento.FreeBSD.org:/usr/src/sys/compile/GENERIC i386

named version info:
named 8.2.3-T6B Mon Nov 20 11:27:49 GMT 2000
        jkh@bento.FreeBSD.org:/usr/obj/usr/src/usr.sbin/named

I did some looking to see if a newer 8.2.3 release was out, but I couldn't
find a clear explanation of the meaning behind T6B. I see T9B is out (7 and
8 apparently being released as betas only?), but I've been unsure of the
potential impact of an upgrade, and since this hasn't recurred I've left it
and decided to keep an eye on things until it happens again.

If someone could briefly explain the versioning used by bind, I'd
appreciate it. Also, is it worth upgrading to T9B (or whatever the latest
release is)?

Thanks
James Greenfield (Relatively new to the world of FreeBSD)

----- Original Message -----
From: "Chris Faulhaber" <jedgar@fxp.org>
To: "Seorge" <seorge@rostokgroup.com>
Cc: <freebsd-security@FreeBSD.ORG>
Sent: Thursday, March 29, 2001 3:12 PM
Subject: Re: Something's happening with named

On Thu, Mar 29, 2001 at 03:07:55PM +0200, Seorge wrote:
> Maybe somebody knows what's going on?
>
> Not the first time I face the following problem:
> While everything seems to work properly: sendmail, apache and so on
> the following string is displayed and none of the local network or
> Internet requests is answered.
> Restarting named is the only way to get it back to life.
> What could be the cause of this thing: attack or misconfiguration?
>
> Mar 26 11:29:11 nameoftheunix-server /kernel: pid 115 (named), uid 0: exited on signal 10 (core dumped)
>
> This event repeats approximately twice a month with no systematic
> rule.
>

What version of bind are you running?  Have you upgraded since the bind
advisory was released in January?

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:18.bind.asc

If you are running a vulnerable server, it is possible that someone is
trying to root you with an exploit meant for a different OS, causing bind
to crash.

--
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org
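
An added example, not part of any message in this thread: a small Python scan for the kernel "exited on signal" lines both posters quote, so that repeated named crashes are counted per signal instead of being noticed only when DNS stops answering. The names `find_crashes` and `summarize` are hypothetical; the first two sample lines are copied from the thread and the last two are constructed.

```python
import re
from collections import Counter

# FreeBSD signal numbers for the two crashes reported in the thread.
FATAL_SIGNALS = {10: "SIGBUS", 11: "SIGSEGV"}

# Kernel process-exit message. The optional leading "file:" prefix is what
# grep adds when it searches several rotated log files at once.
EXIT_RE = re.compile(
    r"^(?:[\w.\-/]+:)?(?P<when>[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d)\s+"
    r"(?P<host>\S+)\s+/kernel:\s+pid\s+(?P<pid>\d+)\s+\((?P<proc>[^)]+)\),\s+"
    r"uid\s+(?P<uid>\d+):\s+exited on signal\s+(?P<sig>\d+)"
    r"(?P<core>\s+\(core dumped\))?"
)

def find_crashes(lines, proc="named"):
    """Return one dict per signal-induced exit of `proc` found in `lines`."""
    crashes = []
    for line in lines:
        m = EXIT_RE.match(line.strip())
        if not m or m.group("proc") != proc:
            continue
        sig = int(m.group("sig"))
        crashes.append({
            "when": m.group("when"),
            "host": m.group("host"),
            "pid": int(m.group("pid")),
            "uid": int(m.group("uid")),
            "signal": sig,
            "signal_name": FATAL_SIGNALS.get(sig, "signal %d" % sig),
            "core": m.group("core") is not None,
        })
    return crashes

def summarize(crashes):
    """Count crashes per signal name; a recurring count is worth a look."""
    return dict(Counter(c["signal_name"] for c in crashes))

SAMPLE_LOG = [
    "Mar 26 11:29:11 nameoftheunix-server /kernel: pid 115 (named), uid 0: exited on signal 10 (core dumped)",
    "messages.0:Mar 11 02:04:36 <hostnameremoved> /kernel: pid 44813 (named), uid 0: exited on signal 11 (core dumped)",
    "Mar 26 11:30:02 nameoftheunix-server sendmail[210]: starting daemon",  # constructed
    "Mar 27 04:10:00 nameoftheunix-server /kernel: pid 300 (httpd), uid 80: exited on signal 11",  # constructed
]

if __name__ == "__main__":
    for crash in find_crashes(SAMPLE_LOG):
        print(crash)
    print(summarize(find_crashes(SAMPLE_LOG)))
```
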