Bind crashing on Signal 11
Jim Reid
jim at rfc1035.com
Mon Apr 16 09:25:40 UTC 2001
>>>>> "Adam" == Adam Clark <chumblybum at optushome.com.au> writes:
Adam> I've seen a few questions about this but none seem to have
Adam> an answer periodically my named does this
Adam> Apr 16 01:26:12 portal /kernel: pid 18014 (named), uid 53: exited on signal 11
Signal 11 is caused by a segmentation violation: the process tried to
access something outside its address space. This "cannot happen" as
BIND is very careful about how it uses pointers and dynamically
allocated memory. [If it didn't BIND name servers would be dying all
over the place all of the time. They don't.] A more likely explanation
is a script kiddie is attempting a buffer overrun attack -- the LION
worm? -- and getting it wrong. The overrun succeeds and corrupts the
name server's cache, causing the SIGSEGV. But the kiddie doesn't get a
shell running on your system. See January's CERT advisory for more
information. http://www.isc.org/products/BIND/bind-security.html is
also *strongly* recommended.
Adam> I'm running named 8.2.2-P5 Fri Jul 7 07:23:05 EST 2000
Upgrade to 8.2.3 immediately. The version you're running has security
holes and the above error suggests your name server is being attacked.
More information about the bind-users
mailing list