BIND 8.2.2-P5 crash
Mark.Andrews at nominum.com
Mark.Andrews at nominum.com
Wed Feb 7 22:20:34 UTC 2001
Named killed itself. See the abort() call in evDrop().
Now as to how it got here, yes it could be a bungled attempt
that cause memory to get over written.
Mark.
> Hi All!
>
> please help me to investigate the named crashes that happened on two of my
> servers recently. The period between these crashes was about 30 minutes.
>
> bind version 8.2.2-P5 build for FreeBSD 3.3-RELEASE
> (i know about recent BIND vulnerabilities and now install new 8.2.3 version)
>
> whether these crashes were a consequence of any attack?
>
> -------
> record from syslog:
> Feb 5 06:08:12 host /kernel: pid 135 (named), uid 0: exited on signal 6
> (core dumped)
>
> #gdb -c named.core named
>
> Core was generated by Named'.
> Program terminated with signal 6, Abort trap.
> Reading symbols from /usr/lib/libutil.so.2...done.
> Reading symbols from /usr/lib/libc.so.3...done.
> Reading symbols from /usr/libexec/ld-elf.so.1...done.
> #0 0x281163d0 in kill () from /usr/lib/libc.so.3
> (gdb) where
> #0 0x281163d0 in kill () from /usr/lib/libc.so.3
> #1 0x2814a728 in abort () from /usr/lib/libc.so.3
> #2 0x8087b41 in __evDrop (opaqueCtx={opaque = 0xbfbfda64}, opaqueEv={
> opaque = 0xbfbfdc90}) at eventlib.c:614
> #3 0x8087a45 in __evDispatch (opaqueCtx={opaque = 0x280e5801}, opaqueEv={
> opaque = 0xbfbfdc34}) at eventlib.c:554
> -------
>
> PS: i tried to search explanation by these data in bind-users maillist
> archive but i couldn't.
>
> thanx in advance
> Michael Kichanov
>
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
More information about the bind-users
mailing list