From owner-freebsd-security Sun Nov 7 9:59: 2 1999 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 4BF9A14D8A for ; Sun, 7 Nov 1999 09:58:59 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id MAA06816 for ; Sun, 7 Nov 1999 12:58:58 -0500 (EST) (envelope-from robert@cyrus.watson.org) Date: Sun, 7 Nov 1999 12:58:58 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: freebsd-security@freebsd.org Subject: Nov 6 18:47:25 fledge /kernel: pid 3988 (sendmail), uid 0: exited , on signal 4 Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Noticed this in my system log: Nov 6 18:47:25 fledge /kernel: pid 3988 (sendmail), uid 0: exited on signal 4 This doesn't normally happen and is a bit concerning. fledge:~> telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 fledge.watson.org ESMTP Sendmail 8.9.3/8.9.3; Sun, 7 Nov 1999 12:27:54 -0500 (EST) Which is the default version shipped in 3.3-RELEASE (or at least, this is currently a vanilla 3.3-RELEASE box :-). I'm concerned this could be a buffer-based attack, but don't see any of the signs of a successful compromise. Also, there were no signs of a scan of other open ports at the time. Has anyone else seen any of these lately? Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message