Date:      Sat, 16 Mar 2002 10:39:06 -0500
From:      Ralph Dratman <ralph@maxsoft.com>
To:        freebsd-questions@freebsd.org
Subject:   Worrisome log messages about sshd and httpd
Message-ID:  <v04210109b8b9158a6b60@[192.168.1.27]>

Any and all,

My system (4.2-RELEASE) normally runs very well and is extremely stable.

Yesterday the following appeared in my security email:

=====================
www.dratman.com kernel log messages:
> 0xc2adac88
> pid 16214 (sshd), uid 0: exited on signal 11 (core dumped)
> pid 16215 (sshd), uid 0: exited on signal 11 (core dumped)
> pid 16216 (sshd), uid 0: exited on signal 11 (core dumped)
>... (more of the same)
> pid 16229 (sshd), uid 0: exited on signal 11 (core dumped)
> pid 16230 (sshd), uid 0: exited on signal 11 (core dumped)
> pid 16237 (sshd), uid 0: exited on signal 11 (core dumped)
> pid 16891 (locate.code), uid 65534 on /: file system full
=====================

and dmesg gave me more nice material, again repeated many times:

=====================
vnode_pager_getpages: I/O read error
vm_fault: pager read error, pid 5827 (ftpd)
vnode_pager: *** WARNING *** stale FS getpages
No strategy for buffer at 0xc2adac88
: 0xc7b89ec0: type VREG, usecount 4, writecount 0, refcount 0, flags (VOBJBUF)
         tag VT_PROCFS, type 6, pid 5827, mode 180, flags 0
: 0xc7b89ec0: type VREG, usecount 4, writecount 0, refcount 0, flags (VOBJBUF)
         tag VT_PROCFS, type 6, pid 5827, mode 180, flags 0
vnode_pager_getpages: I/O read error
vm_fault: pager read error, pid 5827 (ftpd)
vnode_pager: *** WARNING *** stale FS getpages
No strategy for buffer at 0xc2adac88
: 0xc7bf6080: type VREG, usecount 4, writecount 0, refcount 0, flags (VOBJBUF)
         tag VT_PROCFS, type 5, pid 5827, mode 180, flags 0
: 0xc7bf6080: type VREG, usecount 4, writecount 0, refcount 0, flags (VOBJBUF)
         tag VT_PROCFS, type 5, pid 5827, mode 180, flags 0
vnode_pager_getpages: I/O read error
vm_fault: pager read error, pid 5827 (ftpd)
pid 94028 (httpd), uid 65534: exited on signal 11
pid 94003 (httpd), uid 65534: exited on signal 11
pid 93975 (httpd), uid 65534: exited on signal 11
pid 93974 (httpd), uid 65534: exited on signal 11
pid 93973 (httpd), uid 65534: exited on signal 11
pid 54584 (httpd), uid 0: exited on signal 11 (core dumped)
pid 181 (httpd), uid 0: exited on signal 10 (core dumped)
pid 16214 (sshd), uid 0: exited on signal 11 (core dumped)
pid 16215 (sshd), uid 0: exited on signal 11 (core dumped)
pid 16216 (sshd), uid 0: exited on signal 11 (core dumped)
pid 16236 (sshd), uid 0: exited on signal 11 (core dumped)
pid 16237 (sshd), uid 0: exited on signal 11 (core dumped)
pid 16891 (locate.code), uid 65534 on /: file system full
=====================

Am I seeing some kind of buffer-overflow attack? Can anyone suggest 
what might be happening here?

The system is still alive as of this morning and otherwise seems to 
be functioning normally.

Thanks in advance for any thoughts or insights.

Regards,

Ralph Dratman
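
A small triage helper for kernel log lines like the ones quoted in the message above, added here as an example and not part of the original post. It groups the "exited on signal" lines by process, uid and signal, counts each pid once even when the same crash appears in both the security e-mail and dmesg, and lists runs of adjacent pids. The function names are hypothetical, the sample lines are taken from the quoted log, and the signal names assume FreeBSD numbering.

```python
import re
from collections import defaultdict

# Matches kernel lines such as "pid 181 (httpd), uid 0: exited on signal 10 (core dumped)".
CRASH_RE = re.compile(
    r"pid (\d+) \(([^)]+)\), uid (\d+): exited on signal (\d+)( \(core dumped\))?")
SIGNAMES = {10: "SIGBUS", 11: "SIGSEGV"}  # FreeBSD numbering (assumption)

def parse_crashes(text):
    """One dict per 'exited on signal' line; '> ' quote markers and other lines are ignored."""
    return [{"pid": int(m[1]), "proc": m[2], "uid": int(m[3]),
             "signal": int(m[4]), "core": m[5] is not None}
            for m in CRASH_RE.finditer(text)]

def pid_runs(pids):
    """Group distinct pids into runs of adjacent values (assumes sequential pid allocation)."""
    runs = []
    for pid in sorted(set(pids)):
        if runs and pid == runs[-1][-1] + 1:
            runs[-1].append(pid)
        else:
            runs.append([pid])
    return runs

def summarize(crashes):
    """Map (process, uid, signal) to distinct pids, pids that dumped core, and pid runs."""
    groups = defaultdict(list)
    for c in crashes:
        groups[(c["proc"], c["uid"], c["signal"])].append(c)
    return {key: {"pids": sorted({c["pid"] for c in items}),
                  "cores": len({c["pid"] for c in items if c["core"]}),
                  "runs": pid_runs(c["pid"] for c in items)}
            for key, items in groups.items()}

SAMPLE = """\
> pid 16214 (sshd), uid 0: exited on signal 11 (core dumped)
pid 94028 (httpd), uid 65534: exited on signal 11
pid 181 (httpd), uid 0: exited on signal 10 (core dumped)
pid 16214 (sshd), uid 0: exited on signal 11 (core dumped)
pid 16215 (sshd), uid 0: exited on signal 11 (core dumped)
pid 16216 (sshd), uid 0: exited on signal 11 (core dumped)
pid 16236 (sshd), uid 0: exited on signal 11 (core dumped)
pid 16237 (sshd), uid 0: exited on signal 11 (core dumped)
pid 16891 (locate.code), uid 65534 on /: file system full
"""

if __name__ == "__main__":
    for (proc, uid, sig), s in sorted(summarize(parse_crashes(SAMPLE)).items()):
        print(proc, f"uid={uid}", SIGNAMES.get(sig, sig), s)
```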
